June 2018
Intermediate to advanced
294 pages
7h 5m
English
The Common Vulnerability Scoring System (CVSS) v3 came out a while ago, as an enhancement for CVSS v2. The big question is: why do you need to calculate it, if it's already done by the tool (for example, Burp)? Let me give you an example. Suppose that you have found an SQL Injection vulnerability, and the report tells you that the score is high. In reality, the server that was tested was disconnected from the internet and available on a specific VLAN, and on top of that, the data stored in the database was not confidential. Should you still consider the score to be high? Of course not! That's why you always need to recalculate your score, to make sure that it matches the reality.
Read now
Unlock full access