Custom Security Severity Calculator
Asset Impact (AI):
AI represents the importance of an asset based on its environment (e.g., Staging, Production).
Production
Staging
Dev/Test
Data Access Type (DAT):
DAT indicates which data was viewed (read) or changed (write) and adds weighting based on impact.
Read CCI
Write CCI
Read Corporate Data
Read: Viewable Data
Full SSN
Phone Records
First & Last name
Email Address
Physical Address
Billing Address
MSISDN
Account Number
IMEI
ICCID
Credit Card Number
Partial Credit Card Number
Encrypted Credit Card Number
Bank Account Number
Partial Bank Account Number
Encrypted Bank Account Number
Live GPS coordinates
Historical GPS coordinates
Write: Modifiable Data
First & Last name
Billing Address
Physical Address
Email Address
Account settings
MSISDN
IMEI
Read: Viewable Data (Corporate)
First & Last name
Email Address
Source Code
Required Access (RA):
RA represents whether the attack was authenticated or unauthenticated.
Unauthenticated
Authenticated
Vulnerability Type (VTM):
VTM represents each known web vulnerability and its impact weighting.
Remote Code Execution (RCE)
SQL Injection (SQLi)
Server-Side Request Forgery (SSRF)
Insecure Direct Object Reference (IDOR)
XML External Entity (XXE)
Local File Inclusion (LFI)
Directory Traversal
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Session Fixation / Insecure Cookies
Clickjacking / UI Redress
Information Disclosure