Child pages
  • [security] Threat Risk Modeling

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

DREAD (OWASP version)

 RatingHigh (10)... (9)Medium (5)Low (0)
DDamage potential

Complete system or data destruction

 Individual user data is compromised or affected.Nothing
RReproducibilityJust a web browser and the address bar is sufficient, without authentication. One or two steps required, may need to be an authorized user.Very hard or impossible, even for administrators of the application.
EExploitabilityJust a web browser Malware exists on the Internet, or an exploit is easily performed, using available attack tools.Advanced programming and networking knowledge, with custom or advanced attack tools.
AAffected usersAll users Some users, but not allNone
DDiscoverabilityThe information is visible in the web browser address bar or in a form.Details of faults like this are already in the public domain and can be easily discovered using a search engine.

Can figure it out by guessing or by monitoring network traces.

Very hard to impossible; requires source code or administrative access.

...