Local flatness


The Common Criteria Web Application Security Scoring (CCWAPSS) is a scoring scale developed by security consultants to evaluate the security level of a web application in penetration tests and security assessments.

The main benefit of this scoring method is that it counters the "Gaussian" tendency by using a restricted granularity that forces the auditor to give a clear-cut score (there is no medium choice).

The 11 scoring criteria

This scale is based on 11 documented scoring criteria; each one is described in the OWASP project:

Score=10Risks+(Excellents/Risks)

Each criterion is relative to a section of the OWASP Guide 3.0.

1 - Authentication

2 - Authorization

3 - User’s Input Sanitization

4 - Error Handling and Information leakage

5 - Passwords/PIN Complexity

6 - User’s data confidentiality

7 - Session mechanism

8 - Patch management

9 - Administration interfaces

10 - Communication security

11 - Third-Party services exposure
