Rules

Risk Assessment Summary

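| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS00-J | High | Likely | Medium | P18 | L1 |
| IDS01-J | High | Probable | Medium | P12 | L1 |
| IDS03-J | Medium | Probable | Medium | P8 | L2 |
| IDS04-J | Low | Probable | High | P2 | L3 |
| IDS06-J | Medium | Unlikely | Medium | P4 | L3 |
| IDS07-J | High | Probable | Medium | P12 | L1 |
| IDS08-J | Medium | Unlikely | Medium | P4 | L3 |
| IDS11-J | High | Probable | Medium | P12 | L1 |
| IDS14-J | High | Probable | High | P6 | L2 |
| IDS16-J | High | Probable | Medium | P12 | L1 |
| IDS17-J | Medium | Probable | Medium | P8 | L2 |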



10 Comments

  1. I noticed that IDS01-J. Normalize strings before validating them is missing from the rules index.

    1. Good catch, I've fixed it.

  2. Hello,

    1. IDS00-J is duplicated in the "Risk Assessment Summary". I believe we should keep only the first row having Level = L1.

    2. Why are there only 8 entries in the "Risk Assessment Summary" table while there are 17 entries in the "Rule 00" category?

    Thanks

    1. Hi Alexandre,


      1. Thanks for the heads up on IDS00-J, we've removed the duplicate.
      2. An entry in the "Risk Assessment Summary" table is only added if the rule/rec is not a stub, not deprecated, and is complete. For example, IDS13-J is deprecated, so it doesn't have an entry in the table.
  3. Hello,
    If IDS14-J (IDS14-J. Do not trust the contents of hidden form fields) is complete, should the "Risk Assessment" of IDS14-J be added to this "Risk Assessment Summary"?

  4. How often would you like to use the word “Likely” (in the column “Likelihood”)?

    1. Unlikely (smile). I would rather that most rules were unlikely... e.g. it would be very unlikely for a weakness to be exploited.

      1. Does the text “Likelhy” indicate a typo here?