.

Web Applications Vulnerabilities CVSSv2 Calculator

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Dec 27, 2012 1:00 pm

Web Applications Vulnerabilities CVSSv2 Calculator

Thought this was a pretty interesting way to calculate risk. Although it is based on their own internal risk assessments, it might make for a good starting point in your own organization when talking to higher ups or generating a report to a client:


This calculator creates a CVSSv2 base score for vulnerabilities in web applications based on the High-Tech Bridge internal scoring system that is implemented in our HTB Security Advisories and is used to calculate risk of discovered vulnerabilities.

Not all vulnerabilities are scored in strict accordance to FIRST recommendations. Our CVSSv2 scores are based on our long internal experience in web applications auditing and penetration testing, taking into consideration a lot of practical nuances and details. Therefore sometimes they may differ from those ones that are recommended by FIRST.



Web Applications Vulnerabilities CVSSv2 Calculator:
https://www.htbridge.com/cvss_web_calculator/

Take a look and let us know what you think.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Thu Dec 27, 2012 2:10 pm

Re: Web Applications Vulnerabilities CVSSv2 Calculator

That's actually pretty good - naturally, it needs to be modified based on the actual network architecture / security posture / etc... but that's probably why they say "we suggest."
Last edited by Grendel on Thu Dec 27, 2012 2:23 pm, edited 1 time in total.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Dec 27, 2012 7:19 pm

Re: Web Applications Vulnerabilities CVSSv2 Calculator

That's handy!  Thanks for sharing, Don!
GSEC, eCPPT, Sec+

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software