Secure Network, after receiving the initial request, conducts a careful assessment of the requirements with the Client to evaluate the most suitable methodology and approach:
Each issue identified during Security Assessment activities will be categorized in the technical reports according to the evaluation criteria of the standard methodologies used, weighting both technical and business factors to best assess the actual impact contextualized to the objective of the analyses.
Secure Network adopts the following standard methodologies to estimate the risk associated with vulnerabilities identified during security assessments:
The OWASP Risk Rating Methodology model is used for application assessments
The Common Vulnerability Scoring System (CVSS) model is used for infrastructure assessments
he final risk value is obtained by combining the possible impact of the vulnerability with an assessment of the likelihood of its exploitation by an attacker, considering, for instance, the level of access needed, the extent of the issue, the knowledge required to use it.
Secure Network is willing to adopt other specific risk calculation methodologies adopted by the Client to provide a result compatible and comparable with previous analyses or internal processes.