From: Shackleford, Dave (znz1@cdc.gov)
Date: Wed Sep 17 2003 - 14:41:02 EDT
Although it isn't as cut and dry as "See this? It's an H!" etc., these
templates may give you some guidelines:
--Dave
Dave Shackleford
--------------------------------------------------
Technical Lead - NCCDPHP/OIIRM
(770)488-5816
znz1@cdc.gov
-----Original Message-----
From: thomasng@bigfella.is-a-geek.net
[mailto:thomasng@bigfella.is-a-geek.net]
Sent: Wednesday, September 17, 2003 4:10 AM
To: pen-test@securityfocus.com
Subject: mapping vulnerabilities into high medium low risk
Hi,
Anyone know any open source methodology about categorizing
vulnerabilities? When doing a Pent Test, I need to categorize a particular
vulnerability into high medium or low risk. These vulnerabilities may be a
web application vulnerability or may be a new system vuln that has yet to
be discovered. So is there any open source methodology that give you a
guide to how to categorize the vuln?
Rgds
Thomas
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for
21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT