CCWAPSS


The Common Criteria Web Application Security Scoring (CCWAPSS) is a scoring scale developed by security consultants to evaluate the security level of a web application during penetration tests and security assessments.

The main benefit of this scoring method is that it counters the "Gaussian" tendency (scores clustering in the middle): its restricted granularity forces the auditor to give a clear-cut score, since there is no medium choice.

The 11 scoring criteria

This scale is based on 11 documented scoring criteria, each described in the OWASP project and corresponding to a section of the OWASP Guide 3.0. The overall score is:

Score = 10 - Risks + (Excellents / Risks)

The criteria are:

1 - Authentication

2 - Authorization

3 - User’s Input Sanitization

4 - Error Handling and Information leakage

5 - Passwords/PIN Complexity

6 - User’s data confidentiality

7 - Session mechanism

8 - Patch management

9 - Administration interfaces

10 - Communication security

11 - Third-Party services exposure
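The following scorer is an added example, not code from the Wikipedia article or from the CCWAPSS authors. It applies the formula above to one assessment across the 11 criteria; it assumes each criterion is rated "risk", "good" or "excellent", that Risks and Excellents are the counts of criteria with those ratings, and that the (Excellents / Risks) term is 0 when no criterion is rated a risk (the formula gives no denominator in that case).

```python
# Added example: apply Score = 10 - Risks + (Excellents / Risks) to a complete
# CCWAPSS assessment. Rating names, count semantics and the zero-risk rule are
# assumptions made here, not taken from the article.

CRITERIA = (
    "Authentication",
    "Authorization",
    "User's Input Sanitization",
    "Error Handling and Information leakage",
    "Passwords/PIN Complexity",
    "User's data confidentiality",
    "Session mechanism",
    "Patch management",
    "Administration interfaces",
    "Communication security",
    "Third-Party services exposure",
)
RATINGS = {"risk", "good", "excellent"}  # assumed three-level scale, no medium


def ccwapss_score(ratings: dict) -> float:
    """Return the overall score for a dict mapping every criterion to a rating."""
    missing = set(CRITERIA) - ratings.keys()
    unknown = ratings.keys() - set(CRITERIA)
    if missing or unknown:
        raise ValueError(f"missing={sorted(missing)} unknown={sorted(unknown)}")
    bad = {c: r for c, r in ratings.items() if r not in RATINGS}
    if bad:
        raise ValueError(f"ratings must be one of {sorted(RATINGS)}: {bad}")
    risks = sum(1 for r in ratings.values() if r == "risk")
    excellents = sum(1 for r in ratings.values() if r == "excellent")
    # Assumption: with zero risks there is nothing to divide by, so no bonus term.
    bonus = excellents / risks if risks else 0.0
    return 10 - risks + bonus


if __name__ == "__main__":
    # Constructed sample assessment: two criteria rated as a risk, three excellent.
    sample = {c: "good" for c in CRITERIA}
    sample["Authentication"] = "risk"
    sample["Session mechanism"] = "risk"
    for c in ("Communication security", "Patch management", "Authorization"):
        sample[c] = "excellent"
    print(ccwapss_score(sample))  # 10 - 2 + 3/2 = 9.5
```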

References

CCWAPSS Wikipedia