Tool
OWASP Risk Rating* Calculator
SL:-/MO:-/OP:-/SZ:-/ED:-/EE:-/AW:-/ID:-/LC:-/LI:-/LA:-/LT:-/FD:-/RD:-/NC:-/PV:-
Select the factor values below to calculate the risk level. Impact can be assessed both technically and from a business perspective — when both are filled, business impact takes precedence.
Likelihood
Threat Agent Factors
Skill Level: How technically skilled is this group of threat agents?
Motive: How motivated is this group of threat agents to find and exploit this vulnerability?
Opportunity: What resources or opportunities are required for this group of threat agents to exploit this vulnerability?
Size: How large is this group of threat agents?
Vulnerability Factors
Ease of Discovery: How easy is it for this group of threat agents to discover this vulnerability?
Ease of Exploit: How easy is it for this group of threat agents to actually exploit this vulnerability?
Awareness: How well known is this vulnerability to this group of threat agents?
Intrusion Detection: How likely is an exploit to be detected?
Impact
Technical Impact Factors
Loss of Confidentiality: How much data could be disclosed and how sensitive is it?
Loss of Integrity: How much data could be corrupted and how damaged is it?
Loss of Availability: How much service could be lost and how vital is it?
Loss of Accountability: Are the threat agents' actions traceable to an individual?
Business Impact Factors
Financial Damage: How much financial damage will result from an exploit?
Reputation Damage: How much reputation damage would result from an exploit?
Non-Compliance: How much exposure does non-compliance introduce?
Privacy Violation: How much personally identifiable information could be disclosed?
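The calculation behind the factors above, as an added example (not the calculator's own code): it parses the vector string format shown on this page and applies the 0-9 scale, group averages, LOW/MEDIUM/HIGH thresholds and severity matrix of the OWASP Risk Rating Methodology. Assumptions: the vector codes map to the factors in the order listed here, and a group counts as filled only when every factor in it has a value; the sample vector is constructed.

```javascript
// Vector codes, assumed to map to the page's factor list in order.
const LIKELIHOOD = ["SL", "MO", "OP", "SZ", "ED", "EE", "AW", "ID"];
const TECHNICAL = ["LC", "LI", "LA", "LT"];
const BUSINESS = ["FD", "RD", "NC", "PV"];
const ALL = [...LIKELIHOOD, ...TECHNICAL, ...BUSINESS];

// OWASP overall severity matrix, indexed MATRIX[impact][likelihood].
const MATRIX = {
  LOW:    { LOW: "Note",   MEDIUM: "Low",    HIGH: "Medium" },
  MEDIUM: { LOW: "Low",    MEDIUM: "Medium", HIGH: "High" },
  HIGH:   { LOW: "Medium", MEDIUM: "High",   HIGH: "Critical" },
};

// Parse "SL:5/MO:-/..." into {SL: 5, MO: null, ...}; "-" means not selected.
function parseVector(vector) {
  const scores = {};
  for (const part of vector.trim().split("/")) {
    const [key, raw] = part.split(":");
    if (!ALL.includes(key) || key in scores) throw new Error(`bad factor: ${part}`);
    if (raw !== "-" && !/^[0-9]$/.test(raw)) throw new Error(`bad value: ${part}`);
    scores[key] = raw === "-" ? null : Number(raw);
  }
  return scores;
}

// Average one factor group; null unless every factor in the group is set.
function average(scores, keys) {
  const vals = keys.map((k) => scores[k] ?? null);
  return vals.includes(null) ? null : vals.reduce((a, b) => a + b, 0) / vals.length;
}

// Thresholds: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH.
const level = (score) => (score < 3 ? "LOW" : score < 6 ? "MEDIUM" : "HIGH");

// Returns null while likelihood or impact is still incomplete.
function rate(vector) {
  const s = parseVector(vector);
  const likelihood = average(s, LIKELIHOOD);
  const business = average(s, BUSINESS);
  const impact = business ?? average(s, TECHNICAL); // business takes precedence
  if (likelihood === null || impact === null) return null;
  const impactSource = business !== null ? "business" : "technical";
  return { likelihood, impact, impactSource, risk: MATRIX[level(impact)][level(likelihood)] };
}

// Constructed sample: same finding, with and without business impact filled in.
const TECH = "SL:5/MO:2/OP:7/SZ:1/ED:3/EE:6/AW:9/ID:2/LC:9/LI:7/LA:5/LT:8";
console.log(rate(`${TECH}/FD:-/RD:-/NC:-/PV:-`)); // rated on technical impact
console.log(rate(`${TECH}/FD:1/RD:2/NC:1/PV:5`)); // rated on business impact
```

The two sample vectors differ only in the business factors, and the overall risk moves from High to Low once business impact is filled in, which is the precedence rule in action.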
* OWASP® Risk Rating Methodology is a methodology by the OWASP Foundation. This calculator was implemented based on the official documentation.