Thought this was a pretty interesting way to calculate risk. Although it is based on their own internal risk assessments, it might make for a good starting point in your own organization when talking to higher-ups or generating a report for a client:
This calculator creates a CVSSv2 base score for vulnerabilities in web applications based on the High-Tech Bridge internal scoring system that is implemented in our HTB Security Advisories and is used to calculate risk of discovered vulnerabilities.
Not all vulnerabilities are scored in strict accordance to FIRST recommendations. Our CVSSv2 scores are based on our long internal experience in web applications auditing and penetration testing, taking into consideration a lot of practical nuances and details. Therefore sometimes they may differ from those ones that are recommended by FIRST.
Web Applications Vulnerabilities CVSSv2 Calculator:
Take a look and let us know what you think.
That’s actually pretty good – naturally, it needs to be modified based on the actual network architecture / security posture / etc… but that’s probably why they say “we suggest.”
That’s handy! Thanks for sharing, Don!
Copyright ©2020 Caendra, Inc.