Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Purpose

OWASP Security Vulnerabilities shows the amount of security vulnerabilities in the application code.

How metric helps

An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the security of the application. Once an attacker has found a flaw and determined how to access it, the attacker has the potential to exploit the application vulnerability to facilitate a cyber crime.  Examples of security vulnerabilities: SQL injection, cross-site scripting (XSS), credentials leakage, sensitive data exposure, broken authentication and session management and more. With help of the metric, it becomes possible to find weaknesses in code timely. 

How it works

Chart Overview

The chart is composed of security vulnerabilities counted in items and displayed on Axis Y which are distributed over time (Axis X). Security Vulnerabilities are summed by unit sub-types and shown in the chart legend. Each sub-type is clickable for its series to be displayed/hidden on the chart.

2017-10-23_16-38-53.png

Calculation Formula

Metric is calculated as a number of vulnerability issues in code.

RAG thresholds: Red > 20, Amber > 10, otherwise Green.

Data Source

Data for the metric can be collected from Sonar or any other project tracking/engineering tool.


 

Unable to render {include} The included page could not be found.
 
Unable to render {include} The included page could not be found.


  • No labels