
Security Auditing Report Conventions and Standards

From: Sandeep Giri <sandeepgiri(at)indiatimes.com>
Date: Wed Jan 29 2003 - 02:00:07 EST

Hi!
Is there any standard format for reporting and analysing the security problems of an application?
Or does it depend on the application type?
I have published the security auditing report in the following format:



Filename/bugs          Existence/exploit possibility   Severity/impact of bug
File1
User Authentication    1                               2

...
..
..
..


Conventions:
Existence/Exploit possibility:
0 – Doesn’t Exist
1 – Exists but impossible to exploit
2 – Exists but difficult to exploit
3 – Exploitable

Severity/Impact of bug:
0 – No Harm
1 – May allow one user to read/write other user’s resource
2 – May allow one user to read/write/execute system’s privileged resource.

Is that okay?

Thanks.
Best regards,
Sandeep Giri

Received on Wed Jan 29 16:06:56 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT

