OWASP Risk Rating Calculator
OWASP Risk Rating Calculator is a Java library for programmatically calculating OWASP Risk Rating scores.
Compiling
$ mvn clean package
Usage Example
// Likelihood factors (threat agent and vulnerability), then impact factors (technical and business)
OwaspRiskRating riskRating = new OwaspRiskRating()
        .with(ThreatAgentFactor.SkillLevel.ADVANCED_COMPUTER_USER)
        .with(ThreatAgentFactor.Motive.POSSIBLE_REWARD)
        .with(ThreatAgentFactor.Opportunity.SOME_ACCESS_OR_RESOURCES_REQUIRED)
        .with(ThreatAgentFactor.Size.AUTHENTICATED_USERS)
        .with(VulnerabilityFactor.EaseOfDiscovery.DIFFICULT)
        .with(VulnerabilityFactor.EaseOfExploit.THEORETICAL)
        .with(VulnerabilityFactor.Awareness.HIDDEN)
        .with(VulnerabilityFactor.IntrusionDetection.NOT_LOGGED)
        .with(TechnicalImpactFactor.LossOfConfidentiality.ALL_DATA_DISCLOSED)
        .with(TechnicalImpactFactor.LossOfIntegrity.EXTENSIVE_SERIOUSLY_CORRUPT_DATA)
        .with(TechnicalImpactFactor.LossOfAvailability.MINIMAL_SECONDARY_SERVICES_INTERRUPTED)
        .with(TechnicalImpactFactor.LossOfAccountability.COMPLETELY_ANONYMOUS)
        .with(BusinessImpactFactor.FinancialDamage.SIGNIFICANT_EFFECT_ON_ANNUAL_PROFIT)
        .with(BusinessImpactFactor.ReputationDamage.LOSS_OF_MAJOR_ACCOUNTS)
        .with(BusinessImpactFactor.NonCompliance.HIGH_PROFILE_VIOLATION)
        .with(BusinessImpactFactor.PrivacyViolation.MILLIONS_OF_PEOPLE);
// Calculate the score, then read each rating level from it
Score score = riskRating.calculateScore();
Level likelihood = score.getLikelihood();
Level technicalImpact = score.getTechnicalImpact();
Level businessImpact = score.getBusinessImpact();
Maven Usage
OWASP Risk Rating Calculator is available in the Maven Central Repository.
<dependency>
    <groupId>us.springett</groupId>
    <artifactId>owasp-risk-rating-calculator</artifactId>
    <version>1.0.0</version>
</dependency>
Copyright & License
OWASP Risk Rating Calculator is Copyright (c) Steve Springett. All Rights Reserved.
All other trademarks are property of their respective owners.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.