Friday , October , 31 2014
 
 
 

Application Scoring

 
VampireScan – Application Scoring Method
 
VampireTech, Inc. allows users to test their own Cloud and Web applications for vulnerabilities and receive actionable results all within their own Web portal. Cloud based services through VampireTech dramatically decrease costs while simplifying the Web Application scanning process to a point anyone with a website can complete a full dynamic scan and see results in a simple summary along with risk explanation and action items (remediation tips). Scans are an excellent source to determining one’s overall compliance to Industry standards.
 
VampireScan has the capability of measuring, prioritizing and managing risk associated with web applications.  The Application score provides a means to numerically rank the risk associated with vulnerabilities in an application. The process of scoring a web application for vulnerability risk enables users to achieve the following benefits:
     
    For a given application the Application score is calculated by a series of formulas that determine how vulnerabilities detected by a particular attack are weighted.  Each attack has a base score.  The base score considers the impact of the vulnerability in the following four areas:
     
    • Application
      • The web application and associated database are included in this category. Components in the application impact area include:
        • Web application components, parameters, methods, pages and forms
        • Scripts, executables and services related to the application
        • Database interaction accessible from the web application
        • Data storage related to the application
        • Authentication
        • Protocols used to interact with the application (e.g. HTTP, HTTPS, SOAP)
    • Session
      • Session management mechanisms are included within this category:
        • Session ID management
        • Session tokens
        • Session cookies
        • Session tracking and transport mechanisms
        • Session properties
    • Browser
      • Browser and client-side components used by the application fall into this category:
        • Browser functional components
        • Browser related information such as cached content
        • Files and cookies stored by the browser
        • Browser memory and processes
    • Environment
      • The web server, application server, development environment and related components fall into this category:
        • Web server pages and scripts
        • Web server environment variables and configuration scripts
        • Server administration consoles and interfaces
        • Application server components and scripts
        • Development environment, components and configuration
     
    Vulnerabilities detected by a particular attack are scored in each of the above categories.  The Application score then takes into account two additional factors.  A complexity factor is applied that considers the means by which the vulnerability may be exploited.  Simple attacks such as those that can be performed in a browser or automated with publicly available tools are considered higher risk in contrast with attacks that require custom coded scripts.  The second factor reflects the precision associated with detection of a given vulnerability.  Attacks which are directly detected from the application response are considered higher risk than those which rely on correlation or inference.
     
     


      Quick Links:


    Free 30 Days Trial Solutions Overview Technology Overview
    Partners Overview Support Overview Community Overview
    Company Overview Store Account Login
     










    Connect With Us:






















     









     
    Contact Us:
    USA Toll Free:  +1 888 672 6996
    USA Local Office: + 1 512 672 6766
    APAC Office:  +1 888 672 6996
    eMail:  Info@vampiretech.com
    Support:  support@vampiretech.com