A Java library for programmatically calculating OWASP Risk Rating scores

OWASP Risk Rating Calculator

OWASP Risk Rating Calculator is a Java library for programmatically calculating OWASP Risk Rating scores.

Compiling

$ mvn clean package

Usage Example

OwaspRiskRating riskRating = new OwaspRiskRating()
    .with(ThreatAgentFactor.SkillLevel.ADVANCED_COMPUTER_USER)
    .with(ThreatAgentFactor.Motive.POSSIBLE_REWARD)
    .with(ThreatAgentFactor.Opportunity.SOME_ACCESS_OR_RESOURCES_REQUIRED)
    .with(ThreatAgentFactor.Size.AUTHENTICATED_USERS)
    .with(VulnerabilityFactor.EaseOfDiscovery.DIFFICULT)
    .with(VulnerabilityFactor.EaseOfExploit.THEORETICAL)
    .with(VulnerabilityFactor.Awareness.HIDDEN)
    .with(VulnerabilityFactor.IntrusionDetection.NOT_LOGGED)
    .with(TechnicalImpactFactor.LossOfConfidentiality.ALL_DATA_DISCLOSED)
    .with(TechnicalImpactFactor.LossOfIntegrity.EXTENSIVE_SERIOUSLY_CORRUPT_DATA)
    .with(TechnicalImpactFactor.LossOfAvailability.MINIMAL_SECONDARY_SERVICES_INTERRUPTED)
    .with(TechnicalImpactFactor.LossOfAccountability.COMPLETELY_ANONYMOUS)
    .with(BusinessImpactFactor.FinancialDamage.SIGNIFICANT_EFFECT_ON_ANNUAL_PROFIT)
    .with(BusinessImpactFactor.ReputationDamage.LOSS_OF_MAJOR_ACCOUNTS)
    .with(BusinessImpactFactor.NonCompliance.HIGH_PROFILE_VIOLATION)
    .with(BusinessImpactFactor.PrivacyViolation.MILLIONS_OF_PEOPLE);

// Calculate the score, then read the level of each component
Score score = riskRating.calculateScore();
Level likelihood = score.getLikelihood();
Level technicalImpact = score.getTechnicalImpact();
Level businessImpact = score.getBusinessImpact();
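
To sanity-check the levels returned for the selections above, the same rating can be worked by hand from the published OWASP Risk Rating Methodology. This is an added example, not code from this project: the class name `RiskRatingByHand` is hypothetical, the numeric weights are taken from the OWASP methodology tables rather than from the library's source, and it goes one step further than the usage example by also looking up the overall severity.

```java
import java.util.Arrays;

// Added example: OWASP Risk Rating arithmetic done by hand, without the library.
public class RiskRatingByHand {
    enum Level { LOW, MEDIUM, HIGH }

    // OWASP bands: 0 to <3 is LOW, 3 to <6 is MEDIUM, 6 to 9 is HIGH.
    static Level toLevel(double score) {
        if (score < 3) return Level.LOW;
        return score < 6 ? Level.MEDIUM : Level.HIGH;
    }

    // Each estimate (likelihood or impact) is the plain average of its factor weights.
    static double average(int... weights) {
        if (weights.length == 0) throw new IllegalArgumentException("no factors given");
        for (int w : weights) {
            if (w < 0 || w > 9) throw new IllegalArgumentException("weight out of 0-9: " + w);
        }
        return Arrays.stream(weights).average().getAsDouble();
    }

    // Overall severity matrix: rows are impact, columns are likelihood.
    static final String[][] SEVERITY = {
        {"Note",   "Low",    "Medium"},    // impact LOW
        {"Low",    "Medium", "High"},      // impact MEDIUM
        {"Medium", "High",   "Critical"},  // impact HIGH
    };

    static String severity(Level likelihood, Level impact) {
        return SEVERITY[impact.ordinal()][likelihood.ordinal()];
    }

    public static void main(String[] args) {
        // Weights from the OWASP tables for the selections in the usage example.
        double likelihood = average(5, 4, 7, 6,   // skill, motive, opportunity, size
                                    3, 1, 4, 9);  // discovery, exploit, awareness, detection
        double technical = average(9, 7, 1, 9);   // confidentiality, integrity, availability, accountability
        double business = average(7, 4, 7, 9);    // financial, reputation, non-compliance, privacy

        System.out.printf("likelihood       %.3f %s%n", likelihood, toLevel(likelihood));
        System.out.printf("technical impact %.3f %s%n", technical, toLevel(technical));
        System.out.printf("business impact  %.3f %s%n", business, toLevel(business));
        System.out.println("severity by business impact: "
                + severity(toLevel(likelihood), toLevel(business)));
    }
}
```

For these selections the averages are 4.875 (MEDIUM likelihood), 6.5 (HIGH technical impact) and 6.75 (HIGH business impact), and MEDIUM likelihood with HIGH impact falls in the High cell of the severity matrix.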

Maven Usage

OWASP Risk Rating Calculator is available in the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>owasp-risk-rating-calculator</artifactId>
    <version>1.0.0</version>
</dependency>

Copyright & License

OWASP Risk Rating Calculator is Copyright (c) Steve Springett. All Rights Reserved.

All other trademarks are property of their respective owners.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.