Mastering OWASP Risk Rating

-

Whaddup y'all..



Besides the well-known CVSS, there’s actually an alternative risk assessment method, especially for web pentests, called the OWASP Risk Rating. As the name suggests, this method is provided by the OWASP organization.

Luckily, someone made a calculator so you don’t have to manually calculate the score. But it still uses pretty formal language, which can be confusing sometimes. I’ve made a simpler explanation for each factor, hope it helps you understand better!🔥

1. Likelihood Factors

The first step is to estimate how likely it is that an attacker will find and exploit the vulnerability. There are two sub-factors: the threat agent factor and the vulnerability factor.

a) Threat Agent Factors

b) Vulnerability Factors


2. Impact Factors

After a successful attack, the next step is to estimate the technical and business impacts of the vulnerability. There are two sub-factors: the technical impact factor and the business impact factor.

a) Technical Impact Factors


b) Business Impact Factors

In The Wild Reality

As a pentester, we usually just fill out a form with three factors: threat agent, vulnerability, and technical impact. For the business impact factor, it requires a deep understanding of what’s important for the company’s operations. If necessary, the pentester and the company should collaborate to fill out the business impact factor together.

Reference

Comments

Post a Comment

Popular posts from this blog

TP-Link AC600 Archer T2U Plus Driver for Kali Linux on Macbook (Apple Silicon)

-
Image
Whaddup y'all.. Today, I will share how to install driver of TP-Link wireless adapter for kali linux on macbook pro M1 (Apple Silicon). After searching after searching, finally i found that way, happy reading. How to ? 1. Install Requirement Install all requirement bellow. sudo apt update sudo apt install dkms git bc sudo apt install build-essential libelf-dev linux-headers-$(uname -r) git clone https://github.com/aircrack-ng/rtl8812au git clone https://github.com/morrownr/8821au-20210708 2. Instal dkms cd rtl8812au sudo make dkms_install 3. Check Kernel version Check what kind of kernel that ur kali linux used. Run neofetch to check. 4. Download Library Visit https://kali.download/kali/pool/main/l/linux/ to download the library base on your kernel version. For our case is 6.11.2-rt-arm64. wget https://kali.download/kali/pool/main/l/linux/linux-kbuild-6.11.2_6.11.2-1kali1_arm64.deb  wget https://kali.download/kali/pool/main/l/linux/linux-headers-6.11.2-common-rt_6.11.2-1kali1...
See what’s up »

Deepfake + Virtual Webcam Setup on Apple Silicon Mac

-
Image
Wanna try deepfake with your webcam on Mac? In this tutorial, I’ll show you how to run Deep-Live-Cam on Mac with Apple Silicon (M1/M2/M3). We’ll use Python, set up the virtual camera with OBS, and make it work with Omegle or other video platforms. Just follow step by step, no stress, it’s beginner friendly. Faiyaaa🔥 ⚙️ Installation Install Python 3.10 (Stable Version), download from the official website: https://www.python.org/downloads/macos/ Install FFmpeg: brew install ffmpeg Download the Deep-Live-Cam Repository: git clone https://github.com/hacksider/Deep-Live-Cam.git cd Deep-Live-Cam Download the Model Files: cd models/ wget https://huggingface.co/hacksider/deep-live-cam/resolve/main/GFPGANv1.4.pth  wget https://huggingface.co/hacksider/deep-live-cam/resolve/main/inswapper_128_fp16.onnx Create a Python Virtual Environment: python3.10 -m venv venv source venv/bin/activate Install Deep-Live-Cam Requirements: pip3.10 install -r requirements.txt Install CoreML Execution Pr...
See what’s up »