OWASP Risk Rating Management Project


Why

There are many methodologies that can be used for security assessments, particularly website security assessments. OWASP already has a methodology for website security assessments, called the “OWASP Risk Rating Methodology”. OWASP also provides an Excel template to calculate the risk score.

But some users do not know how to assess their own websites. Some have difficulty understanding a methodology at all, or do not understand the individual factors it uses, such as the threat agent's skill level, the vulnerability factors, or the ease of exploit. Another problem occurs when an owner must assess many websites: they must create multiple copies of the OWASP Risk score template, which increases the likelihood of losing the file or the data in the process.

The OWASP Risk Rating Management Project will help owners/developers to avoid these problems when they carry out a website security assessment. Even if they have many websites to assess, the Risk Rating Management Project handles the assessments and records each risk score in its database, allowing the owner to assess and manage every website more easily. The owner can also use this methodology in different contexts, for example in a penetration testing project or a security assessment.

https://www.owasp.org/index.php/OWASP_Risk_Rating_Management
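As an added illustration (not code from the OWASP project), the calculation the Excel template performs: average the threat agent and vulnerability factors for likelihood, average the impact factors, map each onto LOW/MEDIUM/HIGH, look up the overall severity, and record the result in a database as the Management Project does. The site name, finding, sample ratings and the choice of the higher of the two impact averages are assumptions of this example.

```python
import sqlite3
from statistics import mean

# Factor names follow the OWASP Risk Rating Methodology; each is rated 0-9.
THREAT_AGENT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
TECHNICAL = ("loss_of_confidentiality", "loss_of_integrity", "loss_of_availability", "loss_of_accountability")
BUSINESS = ("financial_damage", "reputation_damage", "non_compliance", "privacy_violation")

# Overall severity matrix keyed by (impact level, likelihood level).
SEVERITY = {
    ("HIGH", "LOW"): "Medium", ("HIGH", "MEDIUM"): "High", ("HIGH", "HIGH"): "Critical",
    ("MEDIUM", "LOW"): "Low", ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("LOW", "LOW"): "Note", ("LOW", "MEDIUM"): "Low", ("LOW", "HIGH"): "Medium",
}

def level(score):
    """Map a 0-9 factor average onto the methodology's LOW / MEDIUM / HIGH bands."""
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def rate(factors):
    """Return (likelihood, impact, severity) for a dict of factor name -> 0-9 rating."""
    for name in THREAT_AGENT + VULNERABILITY + TECHNICAL + BUSINESS:
        if not 0 <= factors[name] <= 9:  # a missing factor raises KeyError on purpose
            raise ValueError(f"{name} must be rated 0-9, got {factors[name]}")
    likelihood = mean(factors[f] for f in THREAT_AGENT + VULNERABILITY)
    # The methodology reports technical and business impact separately and leaves the
    # choice to the assessor; taking the higher average is this example's assumption.
    impact = max(mean(factors[f] for f in TECHNICAL), mean(factors[f] for f in BUSINESS))
    return likelihood, impact, SEVERITY[(level(impact), level(likelihood))]

def record(conn, site, finding, factors):
    """Rate one finding for a site, store it, and return the stored severity."""
    likelihood, impact, severity = rate(factors)
    conn.execute("CREATE TABLE IF NOT EXISTS risk (site TEXT, finding TEXT, "
                 "likelihood REAL, impact REAL, severity TEXT)")
    conn.execute("INSERT INTO risk VALUES (?, ?, ?, ?, ?)",
                 (site, finding, likelihood, impact, severity))
    return severity

# Constructed sample rating (hypothetical site and finding, not from the page).
SAMPLE = dict(skill_level=3, motive=4, opportunity=7, size=6, ease_of_discovery=7,
              ease_of_exploit=5, awareness=6, intrusion_detection=8,
              loss_of_confidentiality=6, loss_of_integrity=3, loss_of_availability=1,
              loss_of_accountability=7, financial_damage=3, reputation_damage=4,
              non_compliance=2, privacy_violation=5)

def demo():
    """Run the sample through an in-memory database and return its severity."""
    return record(sqlite3.connect(":memory:"), "shop.example", "reflected XSS in search", SAMPLE)
```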

What

Add ‘what’ text . . .

Who

The target audience for this Working Session is:

  • OWASP ZAP, Arachni, and other OSS scanner developers
  • Burp, Acunetix, and other commercial scanner developers
  • JavaScript front end developers
  • Web application developers
  • Security Auditors
  • Security Consultants
  • Pentesters
  • Security Analysts
