Home Unlabelled Common Vulnerability Scoring System for Penetration Testers

Common Vulnerability Scoring System for Penetration Testers

By
Monday, January 11, 2016
Read
Add Comment
During  , we often have to send the report of the test , and provide the rating for the Vulnerabilities discovered during the test . Here is an Excellent  score
Common Vulnerability Scoring System for Penetration Testers
calculator Common Vulnerability Scoring Systemfrom National Vulnerability Database .
This Vulnerability reporting is important step when closing a penetration step . Well it’s not just important to report the vulnerabilities , but it is as important to Score these vulnerabilities . National Vulnerability Database “NVD” provides the scoring mechanism through  CVSS “ (Common Vulnerability Scoring System) .
Here is the Screenshot of the Tool :
Common Vulnerability Scoring System for Penetration Testers

What is CVSS 

“The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability impact scores. Two common uses of CVSS are prioritization of vulnerability remediation activities and in calculating the severity of vulnerabilities discovered on one’s systems. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.”

How to Use CVSS 

Common Vulnerability Scoring System “CVSS” is an easy way to score the vulnerabilities .
First We Need to provide the Base Score Metrics: 
  • Exploitability Metrics
    • Access Vector
    • Access Complexity
    • Authentication
  • Impact Metrics
    • Confidentiality Impact
    • Integrity Impact
    • Availability Impact
Then Provide the Temporal Score Metrics
  • Exploitability (E)
  • Remediation Level (RL)
  • Report Confidence(RC)
Provide the Environmental Score Metrics
  • Collateral Damage Potential (CDP)
  • Target Distribution (TD)
Final Scores :  The Final Scores are Calculated Based the above 3 Parameters :
Base Scores
Temporal Scores
Environmental Scores
We Get the Overall Score as the result .
If you are into penetration testing and Vulnerability Reporting then CVSS can prove very helpful when scoring the Vulnerabilities .
Link to the Tool : Here
#Please Share , Like or Comment if this Post was helpful !
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us