Web application security - the fast guide Chapter 3: Vulnerabilities And Threat Models | Page 11
DREAD
Risk = (DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED USERS + DISCOVERABILITY) / 5
Damage Potential
Reproducibility
Exploitability
Affected Users
Discoverability
2017-05-10
Damage Potential
Value  Level
0      No damage
5      User data is compromised or affected
10     Complete destruction of data or system

Reproducibility
Value  Level
0      Very hard to reproduce
5      One or two steps to reproduce
10     Easy to reproduce

Exploitability
Value  Level
0      Advanced knowledge and advanced tools
5      Available tool and easy to perform
10     Very simple tool (only browser)

Affected Users
Value  Level
0      None
5      Some users
10     All users

Discoverability
Value  Level
0      Very hard, requires admin access
5      Guessing or monitoring network
9      Can be easily discovered (search engine), available publicly
10     Visible directly (through address bar as example)

Web Application Security Fast Guide (book slides)
By Dr. Sami Khiami
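A worked use of the formula and rating levels above, added here as an example and not taken from the book or its slides. The function names (dread_risk, rank_threats), the three sample threats and their ratings are constructed assumptions; only the scale values and the formula come from the slide.

```python
# Allowed values per DREAD category, copied from the rating levels on this slide.
# Discoverability is the only category with a fourth level (9).
SCALE = {
    "damage": {0, 5, 10},
    "reproducibility": {0, 5, 10},
    "exploitability": {0, 5, 10},
    "affected_users": {0, 5, 10},
    "discoverability": {0, 5, 9, 10},
}


def dread_risk(ratings):
    """Return Risk = (D + R + E + A + D) / 5 after validating every rating."""
    missing = SCALE.keys() - ratings.keys()
    extra = ratings.keys() - SCALE.keys()
    if missing or extra:
        raise ValueError(f"missing={sorted(missing)} unexpected={sorted(extra)}")
    for category, value in ratings.items():
        if value not in SCALE[category]:
            raise ValueError(f"{category}={value} is not a level on the slide's scale")
    return sum(ratings.values()) / 5


def rank_threats(threats):
    """Return (name, risk) pairs sorted from highest to lowest risk."""
    scored = [(name, dread_risk(ratings)) for name, ratings in threats.items()]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample threats; the ratings are illustrative assumptions.
SAMPLE_THREATS = {
    "Session ID exposed in URL": dict(
        damage=5, reproducibility=10, exploitability=10,
        affected_users=5, discoverability=10),
    "Admin-only settings page lacks CSRF token": dict(
        damage=10, reproducibility=5, exploitability=5,
        affected_users=10, discoverability=0),
    "Verbose error page indexed by search engines": dict(
        damage=5, reproducibility=10, exploitability=5,
        affected_users=0, discoverability=9),
}

if __name__ == "__main__":
    for name, risk in rank_threats(SAMPLE_THREATS):
        print(f"{risk:4.1f}  {name}")
```

Rejecting off-scale values keeps ratings from different reviewers comparable, which is what makes the ranked output usable for deciding which threat to mitigate first.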