https://github.com/stevespringett/owasp-risk-rating-calculator

A Java library for programmatically calculating OWASP Risk Rating scores
https://github.com/stevespringett/owasp-risk-rating-calculator

java library owasp risk-assessment risk-scores threat-modeling

Last synced: 6 days ago
JSON representation

A Java library for programmatically calculating OWASP Risk Rating scores

• Host: GitHub
• URL: https://github.com/stevespringett/owasp-risk-rating-calculator
• Owner: stevespringett
• License: apache-2.0
• Created: 2019-02-01T02:05:58.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2023-04-03T08:57:02.000Z (over 1 year ago)
• Last Synced: 2024-01-29T06:07:31.165Z (10 months ago)
• Topics: java, library, owasp, risk-assessment, risk-scores, threat-modeling
• Language: Java
• Homepage: https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
• Size: 66.4 KB
• Stars: 18
• Watchers: 3
• Forks: 4
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
[![Build Status](https://github.com/stevespringett/owasp-risk-rating-calculator/workflows/Maven%20CI/badge.svg)](https://github.com/stevespringett/owasp-risk-rating-calculator/actions?workflow=Maven+CI)

[![Codacy Badge](https://api.codacy.com/project/badge/Grade/fe80f59eee334016b218178bc72e6395)](https://www.codacy.com/app/stevespringett/owasp-risk-rating-calculator?utm_source=github.com&utm_medium=referral&utm_content=stevespringett/owasp-risk-rating-calculator&utm_campaign=Badge_Grade)

[![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)][Apache 2.0]

OWASP Risk Rating Calculator

=====================================

OWASP Risk Rating Calculator is a Java library for programmatically calculating OWASP Risk Rating scores.

Compiling

-------------------

> $ mvn clean package

Usage Example

-------------------

```java

OwaspRiskRating riskRating = new OwaspRiskRating()

    .with(ThreatAgentFactor.SkillLevel.ADVANCED_COMPUTER_USER)

    .with(ThreatAgentFactor.Motive.POSSIBLE_REWARD)

    .with(ThreatAgentFactor.Opportunity.SOME_ACCESS_OR_RESOURCES_REQUIRED)

    .with(ThreatAgentFactor.Size.AUTHENTICATED_USERS)

    .with(VulnerabilityFactor.EaseOfDiscovery.DIFFICULT)

    .with(VulnerabilityFactor.EaseOfExploit.THEORETICAL)

    .with(VulnerabilityFactor.Awareness.HIDDEN)

    .with(VulnerabilityFactor.IntrusionDetection.NOT_LOGGED)

    .with(TechnicalImpactFactor.LossOfConfidentiality.ALL_DATA_DISCLOSED)

    .with(TechnicalImpactFactor.LossOfIntegrity.EXTENSIVE_SERIOUSLY_CORRUPT_DATA)

    .with(TechnicalImpactFactor.LossOfAvailability.MINIMAL_SECONDARY_SERVICES_INTERRUPTED)

    .with(TechnicalImpactFactor.LossOfAccountability.COMPLETELY_ANONYMOUS)

    .with(BusinessImpactFactor.FinancialDamage.SIGNIFICANT_EFFECT_ON_ANNUAL_PROFIT)

    .with(BusinessImpactFactor.ReputationDamage.LOSS_OF_MAJOR_ACCOUNTS)

    .with(BusinessImpactFactor.NonCompliance.HIGH_PROFILE_VIOLATION)

    .with(BusinessImpactFactor.PrivacyViolation.MILLIONS_OF_PEOPLE);

Score score = riskRating.calculateScore();

Level likelihood = score.getLikelihood();

Level technicalImpact = score.getTechnicalImpact();

Level businessImact = score.getBusinessImpact();

```

Maven Usage

-------------------

OWASP Risk Rating Calculator is available in the Maven Central Repository.

```xml

    us.springett

    owasp-risk-rating-calculator

    1.0.1

```

Copyright & License

-------------------

OWASP Risk Rating Calculator is Copyright (c) Steve Springett. All Rights Reserved.

All other trademarks are property of their respective owners.

Permission to modify and redistribute is granted under the terms of the [Apache 2.0] license.

  [Apache 2.0]: http://www.apache.org/licenses/LICENSE-2.0.txt