EHS Blog
OWASP Risk Evaluation
at 2007-08-12 15:10:20


When you read the OWASP risk evaluation standard carefully, you might get as confused as I did. They estimate the risk by first estimating the likelihood and then estimating the technical and business impact. The estimation is done by assigning the numbers 0..9 to a number of factors.


So far so good. Most of it makes perfect sense, but I was a little bit confused about the following factor:

Opportunity
What resources and opportunity are required for this group of
attackers to find and exploit this vulnerability? No access or special
resources (0), limited access and resources (4), special access or
resources (7), full access or expensive resources (9)


According to this factor, the likelihood of an attack increases when more access to the application and more expensive resources are required on the attacker's side. I dare to doubt that :-)



Blog Source - http://blog.php-security.org/feeds/index.rss
 

