HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 2 members online
 
Advertisement

You are here: Home arrow Resourcesarrow Toolsarrow Web Applications Vulnerabilities CVSSv2 Calculator
EH-Net
May 23, 2013, 04:04:39 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Web Applications Vulnerabilities CVSSv2 Calculator  (Read 2342 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4167


Editor-In-Chief


View Profile WWW
« on: December 27, 2012, 12:00:45 PM »
Thought this was a pretty interesting way to calculate risk. Although it is based on their own internal risk assessments, it might make for a good starting point in your own organization when talking to higher ups or generating a report to a client:

Quote

This calculator creates a CVSSv2 base score for vulnerabilities in web applications based on the High-Tech Bridge internal scoring system that is implemented in our HTB Security Advisories and is used to calculate risk of discovered vulnerabilities.

Not all vulnerabilities are scored in strict accordance to FIRST recommendations. Our CVSSv2 scores are based on our long internal experience in web applications auditing and penetration testing, taking into consideration a lot of practical nuances and details. Therefore sometimes they may differ from those ones that are recommended by FIRST.


Web Applications Vulnerabilities CVSSv2 Calculator:
https://www.htbridge.com/cvss_web_calculator/

Take a look and let us know what you think.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
Grendel
Full Member
***
Offline Offline

Posts: 242


View Profile WWW
« Reply #1 on: December 27, 2012, 01:10:12 PM »
That's actually pretty good - naturally, it needs to be modified based on the actual network architecture / security posture / etc... but that's probably why they say "we suggest."
« Last Edit: December 27, 2012, 01:23:36 PM by Grendel » Logged
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #2 on: December 27, 2012, 06:19:40 PM »
That's handy!  Thanks for sharing, Don!
Logged
GSEC, eCPPT, Sec+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.056 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.