In the risk database, you can easily search for existing findings. Dynamic linking to client names simplifies the reuse of findings: you can recycle what you have used before and tailor it to the specific client.
To create a new risk
More information about risk properties:
Category
In the main database, the following categories are supported:
Web Application
Infrastructure
Cloud Resource
Mobile App
Wi-Fi
Source Code
Description
Here, you can provide a more detailed explanation of the risk and, for example, clarify to the client what the risk entails.
Different standards frameworks
For each category, you have the option to place the risk within a standards framework. Choose from the following systems to align the risk with a specific standards framework.
Through the CVSS, vulnerabilities are assigned a score on a scale from one to ten, with ten being the highest. This immediately indicates the severity of a vulnerability. The score is explained in detail here. Below is an image of a potential risk.
The Baseline Information Security for the Public Sector (BIO) has also been added to the risk database. The BIO is used within the government for information security. The complete BIO has been incorporated, making it easy to add a BIO reference to a risk. It can look like this:
The ASVS is a list of security requirements and controls. This makes it clear whether and where there are risks.
Which of these standards frameworks are shown also depends on the category.
OWASP Top 10:2021
This is a standardization through which we normalize the most common and impactful risks in software. By using these international standards, users gain a better understanding of the level of risk associated with a particular risk.
This is a standardization through which we normalize the most common and impactful risks in APIs. The OWASP Top 10 is updated regularly. By using these international standards, users gain a better understanding of the level of risk associated with a particular risk.
This is a standardization through which we normalize the most common and impactful software weaknesses. By using these international standards, users gain a better understanding of the level of risk associated with a particular weakness.
Here you can indicate which recommendations apply to a specific risk, and provide further details and explanation for those recommendations.
Notes
This section provides space for comments that may not fit elsewhere.
Reproduction
Reproduction lets you show, step by step, how you arrived at a risk. Steps can be reordered easily by drag and drop.
A dedicated space is also provided for inserting code and uploading evidence.