OWASP Risk Rating Management Project
There are many methodologies that can be used for security assessments, particularly website security assessments. OWASP already has a methodology for website security assessments, called the “OWASP Risk Rating Methodology”. OWASP also provides an Excel template to calculate the risk score.
But some users do not know how to assess their own websites. Some may find the methodology hard to understand, for example the threat agent factors (such as skill level) or the vulnerability factors (such as ease of exploit). Another problem occurs when an owner must assess many websites: they must create multiple copies of the OWASP Risk score template, increasing the likelihood of losing the file or data in the process.
The OWASP Risk Rating Management Project will help owners/developers avoid these problems when they carry out a website security assessment. Even if they have many websites to assess, the Risk Rating Management Project records each risk score in its database, allowing the owner to assess and manage every website more easily. The owner can also use the methodology in different contexts, for example in a penetration testing project or a security assessment.
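The calculation behind the methodology and the per-site record keeping described above, as an added example (my own Python, not the project's code or the OWASP Excel template): the factor names, the 0-9 scoring bands and the severity matrix are those of the OWASP Risk Rating Methodology; the `RiskRegister` class, the function names and the two sample score sets are assumptions constructed for illustration.

```python
"""Worked OWASP Risk Rating calculation for several websites (added example)."""

# Factor names and bands follow the OWASP Risk Rating Methodology; every factor is scored 0-9.
THREAT_AGENT_FACTORS = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY_FACTORS = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
TECHNICAL_IMPACT_FACTORS = ("loss_of_confidentiality", "loss_of_integrity",
                            "loss_of_availability", "loss_of_accountability")
BUSINESS_IMPACT_FACTORS = ("financial_damage", "reputation_damage", "non_compliance", "privacy_violation")

# Overall severity matrix, indexed as SEVERITY[impact_level][likelihood_level].
SEVERITY = {
    "LOW":    {"LOW": "NOTE",   "MEDIUM": "LOW",    "HIGH": "MEDIUM"},
    "MEDIUM": {"LOW": "LOW",    "MEDIUM": "MEDIUM", "HIGH": "HIGH"},
    "HIGH":   {"LOW": "MEDIUM", "MEDIUM": "HIGH",   "HIGH": "CRITICAL"},
}
SEVERITY_RANK = {"NOTE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def level(score: float) -> str:
    """Map a 0-9 average onto the methodology's bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def average_factors(factor_names, scores) -> float:
    """Average the named factors; reject missing or out-of-range entries instead of silently scoring 0."""
    missing = [name for name in factor_names if name not in scores]
    if missing:
        raise ValueError(f"missing factors: {', '.join(missing)}")
    values = [scores[name] for name in factor_names]
    bad = [name for name, v in zip(factor_names, values) if not 0 <= v <= 9]
    if bad:
        raise ValueError(f"factors outside 0-9: {', '.join(bad)}")
    return sum(values) / len(values)


def rate_risk(scores: dict, use_business_impact: bool = False) -> dict:
    """Compute likelihood, impact and overall severity for one finding."""
    likelihood = average_factors(THREAT_AGENT_FACTORS + VULNERABILITY_FACTORS, scores)
    impact_factors = BUSINESS_IMPACT_FACTORS if use_business_impact else TECHNICAL_IMPACT_FACTORS
    impact = average_factors(impact_factors, scores)
    lik_level, imp_level = level(likelihood), level(impact)
    return {
        "likelihood": likelihood, "likelihood_level": lik_level,
        "impact": impact, "impact_level": imp_level,
        "severity": SEVERITY[imp_level][lik_level],
    }


class RiskRegister:
    """In-memory stand-in (hypothetical) for the project's database: one record per (site, finding)."""

    def __init__(self):
        self.records = []

    def add(self, site: str, finding: str, scores: dict, use_business_impact: bool = False) -> dict:
        record = {"site": site, "finding": finding, **rate_risk(scores, use_business_impact)}
        self.records.append(record)
        return record

    def by_site(self, site: str) -> list:
        return [r for r in self.records if r["site"] == site]

    def prioritised(self) -> list:
        """Highest severity first, ties broken by numeric likelihood, then impact."""
        return sorted(self.records,
                      key=lambda r: (SEVERITY_RANK[r["severity"]], r["likelihood"], r["impact"]),
                      reverse=True)


# Constructed sample scores for two hypothetical sites (not real assessment data).
SAMPLE_SQLI = {
    "skill_level": 6, "motive": 9, "opportunity": 9, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6, "intrusion_detection": 8,
    "loss_of_confidentiality": 7, "loss_of_integrity": 7,
    "loss_of_availability": 5, "loss_of_accountability": 7,
}
SAMPLE_BANNER = {
    "skill_level": 3, "motive": 4, "opportunity": 4, "size": 5,
    "ease_of_discovery": 9, "ease_of_exploit": 3, "awareness": 9, "intrusion_detection": 3,
    "loss_of_confidentiality": 2, "loss_of_integrity": 1,
    "loss_of_availability": 1, "loss_of_accountability": 1,
}


def build_sample_register() -> RiskRegister:
    register = RiskRegister()
    register.add("shop.example", "SQL injection in product search", SAMPLE_SQLI)
    register.add("www.example", "Server version disclosed in HTTP headers", SAMPLE_BANNER)
    return register


if __name__ == "__main__":
    for r in build_sample_register().prioritised():
        print(f'{r["severity"]:<8} {r["site"]:<14} {r["finding"]} '
              f'(likelihood {r["likelihood"]:.2f} {r["likelihood_level"]}, '
              f'impact {r["impact"]:.2f} {r["impact_level"]})')
```

Likelihood is the average of all eight threat agent and vulnerability factors, and impact is the average of either the technical or the business impact factors, as in the methodology; keeping one record per site and finding is what lets an owner with many websites rank everything in one place instead of across many template copies.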
The target audience for this Working Session is:
- OWASP ZAP, Arachni, and other OSS scanner developers
- Burp, Acunetix, and other commercial scanner developers
- Web application developers
- Security Auditors
- Security Consultants
- Security Analysts