SSLlabs scan results lack severity #421

Closed
arkenoi opened this issue Mar 15, 2017 · 6 comments

@arkenoi arkenoi commented Mar 15, 2017

Lost at this point:

251659c

since SSLlabs API provides grade now as well, it is trivial to add it back.

(and as I mentioned before, I am strongly against using severity 0 anywhere, because it breaks sorting and reporting)

@MrSeccubus MrSeccubus commented Mar 16, 2017

Well, that commit is to very old code, which was very fragile.

I have not seen a severity per finding in the JSON responses, but could be wrong. Using the general grade as a severity for everything would be bad and severity should relate to the finding, not the overall judgement.

@MrSeccubus MrSeccubus commented Mar 16, 2017

Rechecked the API. Severity per finding still isn't there, so now to determine if e.g. having a certain time of renegotiation bitmap is a good or a bad thing.

@arkenoi arkenoi commented Mar 16, 2017

At least we may have "finding" grade with severity, as well as some known ones, and everything else as informational (99, not 0!)

@arkenoi arkenoi commented Mar 16, 2017

If you mix scans with asset view, having all zero severity stuff on the top is probably not what you want ;-) If I have some free time, I will try to hack something usable out of that script.

@MrSeccubus MrSeccubus commented Mar 16, 2017

Yes, I can add a severity to the "grade" findings....
The other problem is a presentation layer problem which should be solvable.

@MrSeccubus MrSeccubus commented Jul 28, 2017

O.K. severities coming up...
Everything is a note unless....
Grade B -> Low
Grade CD -> Medium
Other grades -> High

Vulnerabilities found are given grade Medium

@MrSeccubus MrSeccubus closed this in e74c1b9 Aug 2, 2017
MrSeccubus added a commit that referenced this issue Aug 2, 2017
Closes #421 - Implemented a scoring system for SSLlabs findings
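
The scheme from the last comment, applied to an SSL Labs-style result, as an added example that is not Seccubus's own code. The JSON field names, the list of vulnerability flags, treating the A range (and a missing grade) as a note, and the numeric ranks used for sorting are assumptions; the sample data is constructed.

```python
import json

# Severity labels come from the thread; the numeric ranks are an assumption
# used here only to sort (1 = most severe, no 0 anywhere).
RANK = {"High": 1, "Medium": 2, "Low": 3, "Note": 4}

# Assumed set of boolean vulnerability flags in an endpoint's "details".
VULN_FLAGS = {"heartbleed", "poodle", "freak", "logjam", "vulnBeast"}

# Constructed sample shaped like an SSL Labs result (not real scan output).
SAMPLE = json.loads("""
{"host": "www.example.com", "endpoints": [
  {"ipAddress": "192.0.2.10", "grade": "A+",
   "details": {"heartbleed": false, "poodle": false, "renegSupport": 2}},
  {"ipAddress": "192.0.2.11", "grade": "C",
   "details": {"heartbleed": false, "poodle": true, "renegSupport": 2}},
  {"ipAddress": "192.0.2.12", "grade": "F",
   "details": {"heartbleed": true, "poodle": false, "renegSupport": 1}}
]}
""")

def grade_severity(grade):
    """B -> Low, C/D -> Medium, other grades -> High; A range assumed Note."""
    if not grade or grade.startswith("A"):
        return "Note"          # no grade reported, or A+/A/A-
    if grade == "B":
        return "Low"
    if grade in ("C", "D"):
        return "Medium"
    return "High"              # E, F, T, M

def findings(report):
    """Return (ip, finding, value, severity) tuples, one per reported item."""
    out = []
    for ep in report.get("endpoints", []):
        ip = ep["ipAddress"]
        grade = ep.get("grade")
        out.append((ip, "grade", grade, grade_severity(grade)))
        for key, value in ep.get("details", {}).items():
            # A vulnerability that was found is Medium; everything else,
            # including bitmaps such as renegSupport, stays a Note.
            found = key in VULN_FLAGS and value is True
            out.append((ip, key, value, "Medium" if found else "Note"))
    return out

def sorted_findings(report):
    """Most severe first, then by address and finding name."""
    return sorted(findings(report), key=lambda f: (RANK[f[3]], f[0], f[1]))
```

Because every finding carries one of the four labels, the sorted view puts the grade F endpoint first and the notes last, rather than surfacing unrated items at the top.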