Penetration Testing mailing list archives

RE: Security Grade


From: "Malhoit, Lauren" <Lauren.Malhoit () tylertech com>
Date: Fri, 7 Dec 2007 12:49:11 -0500

I think it's all pretty relative.  Microsoft recommends doing either a
qualitative risk analysis or quantitative (or both).  In one case you
assign the odds of the risk of a specific attack a number (1-10) and
assign the severity of the risk a number (i.e. will it cause business to
shut down or something).  Then you multiply those two numbers and it
gives you a risk assessment.  In the other case, you actually take the
odds of how many times a year a risk might happen

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of 11ack3r
Sent: Thursday, December 06, 2007 6:18 AM
To: pen-test () securityfocus com
Subject: Security Grade

Hi,

Is there a security criteria or matrix against which we could grade
a customer's pen test results? Like assigning them a grade from A to E
or 1 to 10.

*.*

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

