Asking the experts: how are defect severity levels classified in security testing?
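Asking the experts: how are defect severity levels classified in security testing? Our company mainly builds websites, so I am asking about how to classify the severity of website security defects. I hope everyone can offer some suggestions.

铜球
Assess how difficult the defect is to exploit and what the payoff of exploiting it would be.

Reply to post 3#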
Isn't there a more specific breakdown of the levels?

Reply to post 4#
Apply a weighting algorithm based on the risk values of the vulnerabilities that a scan of the site turns up.

This is how a security scanning tool defines it; translate it yourself. I have forgotten which tool.

High Risk Alert Level 3 – Vulnerabilities categorized as the most dangerous, which put a site at maximum risk for hacking and data theft.
Medium Risk Alert Level 2 – Vulnerabilities caused by server misconfiguration and site-coding flaws, which facilitate server disruption and directory intrusion.
Low Risk Alert Level 1 – Vulnerabilities derived from lack of encryption for data traffic, or directory path disclosures.
Informational Alert – Sites which are susceptible to revealing information through GHDB search strings, or email addresses disclosure.