Vulnerability Assessor Risk Rating System | |
Rating | Vulnerability |
Low | Server has an IP address |
Medium | Web server apparently is serving up web pages |
High | Server running SSL instead of TLS |
Super High | Directory content listing found in default Apache directory |
Double-plus ungood | Self-signed certificate found on test web server |
Critical | Correctly guessed login name is “admin” |
Mega-bad | DoS vulnerability found in version number in banner grab |
Fraught with peril | Developer email address found in HTML source |
Horrendous | Password autocomplete not disabled on login form |
Apocalyptic | Non-persistent cross-site scripting found |
SQL injection found on admin SQL database query tool |
“We’ve just traced the attack... its coming from inside the house!” How do you secure your network when the bad guys already have control of your servers? It’s so hard to keep up with the attacks, maybe it’s safer to architect with the assumption that you’ve already been breached. What does this entail?
Tuesday, January 31, 2012
The Vulnerability Assessor Risk Rating System revealed
Subscribe to:
Posts (Atom)