RE: mapping vulnerabilities into high medium low risk

From: Shackleford, Dave (znz1_at_cdc.gov)
Date: 09/17/03

    To: "'thomasng@bigfella.is-a-geek.net'" <thomasng@bigfella.is-a-geek.net>, pen-test@securityfocus.com
    Date: Wed, 17 Sep 2003 14:41:02 -0400
    
    

    Although it isn't as cut and dry as "See this? It's an H!" etc., these
    templates may give you some guidelines:

    http://www.sans.org/score/

    --Dave
    Dave Shackleford
    --------------------------------------------------
    Technical Lead - NCCDPHP/OIIRM
    (770)488-5816
    znz1@cdc.gov

    -----Original Message-----
    From: thomasng@bigfella.is-a-geek.net
    [mailto:thomasng@bigfella.is-a-geek.net]
    Sent: Wednesday, September 17, 2003 4:10 AM
    To: pen-test@securityfocus.com
    Subject: mapping vulnerabilities into high medium low risk

    Hi,

    Anyone know any open source methodology about categorizing
    vulnerabilities? When doing a Pen Test, I need to categorize a particular
    vulnerability into high medium or low risk. These vulnerabilities may be a
    web application vulnerability or may be a new system vuln that has yet to
    be discovered. So is there any open source methodology that gives you a
    guide to how to categorize the vuln?

     

    Rgds

    Thomas


