mapping vulnerabilities into high medium low risk

thomasng_at_bigfella.is-a-geek.net
Date: 09/17/03

    Date: Wed, 17 Sep 2003 16:09:49 +0800 (SGT)
    To: pen-test@securityfocus.com
    
    

    Hi,

    Anyone know any open source methodology about categorizing
    vulnerabilities? When doing a Pen Test, I need to categorize a particular
    vulnerability into high, medium or low risk. These vulnerabilities may be a
    web application vulnerability or may be a new system vuln that has yet to
    be discovered. So is there any open source methodology that gives you a
    guide to how to categorize the vuln?

     

    Rgds

    Thomas
