[Owasp-testing] Risk Calculating Methodology - Likelihood and Impact Levels

Matteo Meucci matteo.meucci at owasp.org
Fri Oct 5 12:50:47 UTC 2012


Hi,
yes you are right, the wiki is correct.

https://www.owasp.org/index.php?title=OWASP_Testing_Guide_v4_Table_of_Contents

Thanks!
Mat


On 10/05/2012 02:29 PM, marc dupont wrote:
> Hi,
> 
> 1)   On the pdf of the Owasp Testing Guide v3,
> http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
> 
> p.329 i can see :
> 
> Likelihood and Impact Levels
> 0 to <3 HIGH
> 3 to <6 MEDIUM
> 6 to 9 LOW
> 
> 
> On the website at URL:
> https://www.owasp.org/index.php/How_to_value_the_real_risk
> It's exactly the opposite (which is, i suppose the correct version):
> 
> *Likelihood and Impact Levels*
> 0 to <3 	LOW
> 3 to <6 	MEDIUM
> 6 to 9 	HIGH
> 
> 
> 
> Could someone confirm/correct if so  please ?
> 
> 
> 
> 2)   Anyway i'm interested also on the V4 up to date, can't find the
> link, if someone can give it to me please ?
> 
> 
> Thanks and Best Regards.
> M.Dupont
> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 

-- 
--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President


More information about the Owasp-testing mailing list