OWASP Risk Rating Calculator

A Java library for calculating OWASP Risk Rating scores

License

License

GroupId

GroupId

us.springett
ArtifactId

ArtifactId

owasp-risk-rating-calculator
Last Version

Last Version

1.0.0
Release Date

Release Date

Type

Type

jar
Description

Description

OWASP Risk Rating Calculator
A Java library for calculating OWASP Risk Rating scores
Project URL

Project URL

https://github.com/stevespringett/owasp-risk-rating-calculator
Source Code Management

Source Code Management

https://github.com/stevespringett/owasp-risk-rating-calculator.git

Download owasp-risk-rating-calculator

How to add to project

<!-- https://jarcasting.com/artifacts/us.springett/owasp-risk-rating-calculator/ -->
<dependency>
    <groupId>us.springett</groupId>
    <artifactId>owasp-risk-rating-calculator</artifactId>
    <version>1.0.0</version>
</dependency>
// https://jarcasting.com/artifacts/us.springett/owasp-risk-rating-calculator/
implementation 'us.springett:owasp-risk-rating-calculator:1.0.0'
// https://jarcasting.com/artifacts/us.springett/owasp-risk-rating-calculator/
implementation ("us.springett:owasp-risk-rating-calculator:1.0.0")
'us.springett:owasp-risk-rating-calculator:jar:1.0.0'
<dependency org="us.springett" name="owasp-risk-rating-calculator" rev="1.0.0">
  <artifact name="owasp-risk-rating-calculator" type="jar" />
</dependency>
@Grapes(
@Grab(group='us.springett', module='owasp-risk-rating-calculator', version='1.0.0')
)
libraryDependencies += "us.springett" % "owasp-risk-rating-calculator" % "1.0.0"
[us.springett/owasp-risk-rating-calculator "1.0.0"]

Dependencies

test (1)

Group / Artifact Type Version
junit : junit jar 4.12

Project Modules

There are no modules declared in this project.

Build Status Codacy Badge License

OWASP Risk Rating Calculator

OWASP Risk Rating Calculator is a Java library for programmatically calculating OWASP Risk Rating scores.

Compiling

$ mvn clean package

Usage Example

OwaspRiskRating riskRating = new OwaspRiskRating()
    .with(ThreatAgentFactor.SkillLevel.ADVANCED_COMPUTER_USER)
    .with(ThreatAgentFactor.Motive.POSSIBLE_REWARD)
    .with(ThreatAgentFactor.Opportunity.SOME_ACCESS_OR_RESOURCES_REQUIRED)
    .with(ThreatAgentFactor.Size.AUTHENTICATED_USERS)
    .with(VulnerabilityFactor.EaseOfDiscovery.DIFFICULT)
    .with(VulnerabilityFactor.EaseOfExploit.THEORETICAL)
    .with(VulnerabilityFactor.Awareness.HIDDEN)
    .with(VulnerabilityFactor.IntrusionDetection.NOT_LOGGED)
    .with(TechnicalImpactFactor.LossOfConfidentiality.ALL_DATA_DISCLOSED)
    .with(TechnicalImpactFactor.LossOfIntegrity.EXTENSIVE_SERIOUSLY_CORRUPT_DATA)
    .with(TechnicalImpactFactor.LossOfAvailability.MINIMAL_SECONDARY_SERVICES_INTERRUPTED)
    .with(TechnicalImpactFactor.LossOfAccountability.COMPLETELY_ANONYMOUS)
    .with(BusinessImpactFactor.FinancialDamage.SIGNIFICANT_EFFECT_ON_ANNUAL_PROFIT)
    .with(BusinessImpactFactor.ReputationDamage.LOSS_OF_MAJOR_ACCOUNTS)
    .with(BusinessImpactFactor.NonCompliance.HIGH_PROFILE_VIOLATION)
    .with(BusinessImpactFactor.PrivacyViolation.MILLIONS_OF_PEOPLE);

Score score = riskRating.calculateScore();
Level likelihood = score.getLikelihood();
Level technicalImpact = score.getTechnicalImpact();
Level businessImact = score.getBusinessImpact();

Maven Usage

OWASP Risk Rating Calculator is available in the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>owasp-risk-rating-calculator</artifactId>
    <version>1.0.0</version>
</dependency>

Copyright & License

OWASP Risk Rating Calculator is Copyright (c) Steve Springett. All Rights Reserved.

All other trademarks are property of their respective owners.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.

Versions

Version
1.0.0