Tuesday, January 31, 2012

The Vulnerability Assessor Risk Rating System revealed

Vulnerability Assessor Risk Rating System
| Rating | Vulnerability |
| --- | --- |
| Low | Server has an IP address |
| Medium | Web server apparently is serving up web pages |
| High | Server running SSL instead of TLS |
| Super High | Directory content listing found in default Apache directory |
| Double-plus ungood | Self-signed certificate found on test web server |
| Critical | Correctly guessed login name is “admin” |
| Mega-bad | DoS vulnerability found in version number in banner grab |
| Fraught with peril | Developer email address found in HTML source |
| Horrendous | Password autocomplete not disabled on login form |
| Apocalyptic | Non-persistent cross-site scripting found |
| Singularity | SQL injection found on admin SQL database query tool |