Rules
Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| IDS00-J | High | Likely | Medium | P18 | L1 |
| IDS01-J | High | Probable | Medium | P12 | L1 |
| IDS03-J | Medium | Probable | Medium | P8 | L2 |
| IDS04-J | Low | Probable | High | P2 | L3 |
| IDS06-J | Medium | Unlikely | Medium | P4 | L3 |
| IDS07-J | High | Probable | Medium | P12 | L1 |
| IDS08-J | Medium | Unlikely | Medium | P4 | L3 |
| IDS11-J | High | Probable | Medium | P12 | L1 |
| IDS14-J | High | Probable | High | P6 | L2 |
| IDS16-J | High | Probable | Medium | P12 | L1 |
| IDS17-J | Medium | Probable | Medium | P8 | L2 |
10 Comments
Marc Peña
I noticed that IDS01-J. Normalize strings before validating them is missing from the the rules index.
David Svoboda
Good catch, I've fixed it.
Alexandre GIGLEUX
Hello,
1. IDS00-J is duplicated in the "Risk Assessment Summary". I believe we should keep only the first row having Level = L1
2. Why are there only 8 entries in the "Risk Assessment Summary" table while there are 17 entries in the "Rule 00" category?
Thanks
Derek Leung
Hi Alexandre,
Ahmed Shah
Hello,
If IDS14-J (IDS14-J. Do not trust the contents of hidden form fields) is complete should the "Risk Assessment" of IDS14-J be added this "Risk Assessment Summary"?
David Svoboda
Fixed.
Markus Elfring
How often would you like to use the word “Likely” (in the column “Likelihood”)?
David Svoboda
Unlikely
. I would rather that most rules were unlikely...eg. it would be very unlikely for a weakness to be exploited.
Markus Elfring
Does the text “Likelhy” indicate a typo here?
David Svoboda
Fixed, thanks.