Weak points on a scale of 1 to 3

Prioritization of the vulnerabilities found

Risk classes of the vulnerability analysis

A vulnerability analysis is an essential part of the security process. With this analysis, services and technologies can be examined for already known vulnerabilities. The aim is to provide users with a simple user interface to continuously check their systems.

The scope of such an analysis is the security inspection of sensitive systems. Because they are accessible from the Internet, they are the systems most exposed to hackers, worms and user errors. The aim is to evaluate the systems, provide a comprehensive overview of the security status and provide recommendations for optimizing security.

The contents and focal points of the study include the following aspects:

  • Basic safeguarding of the systems
  • Vulnerability detection and verification
  • Recommendations for the elimination of detected vulnerabilities
  • Display of possible configuration errors

Risks are assessed on the basis of CVE ratings. This rating should be seen as a guideline. Whether the impairment is relevant for the company depends on the intended use of the audited system. The scan is never fully aware of the intended use and weighting of a system, so it may be necessary to rate the identified risks differently internally.

For example, Denial-of-Service attacks are generally classified as "medium" risk because the potential business damage is unknown. Denial-of-Service attacks against routers are an exception, as it is assumed that their failure will affect the entire network infrastructure.

Four different risk levels are distinguished. Vulnerabilities that are clearly assigned to a risk level on the basis of their description may nevertheless be classified differently, for instance if a combination of vulnerabilities results in a higher or lower risk, or if a vulnerability needs to be considered more critically for a particular system.

"High" risk class

A vulnerability or misconfiguration that could allow an attacker to:

  • Bring the system under their control
  • Compromise the multi-client capability of an application
  • Extend their access rights
  • Bypass access restrictions and thus gain access to sensitive information
  • Execute malicious code on the web page by cross-site scripting
  • Read database structures by SQL injection

"Medium" risk class

A vulnerability or misconfiguration that could allow an attacker to:

  • Obtain information that could be decisive for further attacks.

"Low" risk class

A vulnerability or misconfiguration that could allow an attacker to:

  • Obtain information that is useful for further attacks. This information facilitates or enables a successful attack. Security vulnerabilities that make detailed information available via the Internet must be evaluated on a case-by-case basis and may also be evaluated as a "medium" risk.

An additional risk class is "information". It shows a way to improve the current configuration of the system in order to prevent possible future attacks.
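The internal re-rating described above (scanner class as a guideline, Denial-of-Service on routers as the exception, Internet-exposed information possibly "medium", per-system weighting) can be kept auditable by recording a reason for every change. This is an added example, not AssetSec code; the `category` and `asset_role` tags, the escalation of router DoS to "high" and the automatic "medium" for Internet-facing disclosure are assumptions.

```python
from dataclasses import dataclass, field

LEVELS = ["information", "low", "medium", "high"]  # the page's classes, lowest first

@dataclass
class Finding:
    title: str
    scanner_level: str             # class reported by the scan (guideline only)
    category: str                  # hypothetical tag: "dos", "info-disclosure", ...
    asset_role: str                # hypothetical tag: "router", "webserver", ...
    internet_facing: bool = False
    level: str = ""                # class after internal review
    reasons: list = field(default_factory=list)  # audit trail of changes

def reassess(f, overrides=None):
    """Apply the context rules to one finding and log why its class changed."""
    f.level, f.reasons = f.scanner_level, []
    def set_level(new, why):
        if LEVELS.index(new) != LEVELS.index(f.level):  # also rejects unknown classes
            f.reasons.append(f"{f.level} -> {new}: {why}")
            f.level = new
    if f.category == "dos":
        # DoS is generally "medium"; routers are the exception (assumed: "high").
        if f.asset_role == "router":
            set_level("high", "router failure affects the whole network")
        else:
            set_level("medium", "business damage of DoS is unknown")
    elif f.category == "info-disclosure" and f.internet_facing:
        # The page leaves this case-by-case; raising it automatically is an assumption.
        if LEVELS.index(f.level) < LEVELS.index("medium"):
            set_level("medium", "details are reachable from the Internet")
    # Internal weighting of a specific system wins over the generic rules.
    key = (f.asset_role, f.category)
    if overrides and key in overrides:
        set_level(overrides[key], "internal weighting of this system")
    return f

def prioritize(findings, overrides=None):
    """Return findings sorted from highest to lowest reviewed class."""
    reviewed = [reassess(f, overrides) for f in findings]
    return sorted(reviewed, key=lambda f: LEVELS.index(f.level), reverse=True)

# Constructed sample findings, not the output of a real scan.
SAMPLE = [
    Finding("Version banner exposed", "low", "info-disclosure", "webserver", True),
    Finding("DoS in routing daemon", "medium", "dos", "router"),
    Finding("SQL injection in demo app", "high", "sqli", "lab-host"),
    Finding("Missing security header", "information", "config", "webserver", True),
]
if __name__ == "__main__":
    for f in prioritize(SAMPLE, {("lab-host", "sqli"): "medium"}):
        print(f"{f.level:12} {f.title}  {f.reasons}")
```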

Any further questions?

Contact us by e-mail or messenger. We will be happy to answer any questions you may have. You can test AssetSec free of charge for 7 days. We look forward to hearing from you!