asked on
questions on penetration testing: ratings & # days to resolve
Some questions were raised on our practice of penetration testing:
a) what are the various basis the ratings of Critical, High, Med, Low
are being assigned? External-facing servers' XSS will get High
while internal servers (not exposed to public/Internet) XSS will
get Med? There's also various types of XSS that warrants
different types of ratings?
Curious how the various tools assign these ratings or in some
cases, it's the human pentester who assigns it?
b) Is there any framework, eg: NIST, CREST or ... that specifies
the duration to resolve?
a) what are the various basis the ratings of Critical, High, Med, Low
are being assigned? External-facing servers' XSS will get High
while internal servers (not exposed to public/Internet) XSS will
get Med? There's also various types of XSS that warrants
different types of ratings?
Curious how the various tools assign these ratings or in some
cases, it's the human pentester who assigns it?
b) Is there any framework, eg: NIST, CREST or ... that specifies
the duration to resolve?
VulnerabilitiesSecurity
Last Comment
noci
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Can point me to any authoritative links for CVSS scorings
that recommend the # days for remediations?