Cenzic provides software and SaaS products for Website security

HARM Score

The Cenzic HARM (Hailstorm Application Risk Metric) Score is a quantitative score for the risk associated with a Web application. Cenzic is the only company that prioritizes customers’ application vulnerabilities based on this unique scoring system, allowing you to prioritize and fix the big issues first.

The HARM score helps you better understand your applications’ risks and measure progress toward security goals such as protecting your brand or complying with regulations, and it also gives you a measurement of your security baseline. For a given application, the HARM score is calculated by a series of formulas that determine how vulnerabilities detected by a potential attack are weighted.

Details on the HARM score
Your HARM base score sums both your applications’ total vulnerability profile and the vulnerabilities detected by a particular SmartAttack in each application, considering the following four areas:

  • Application
  • Session
  • Browser
  • Environment

A complexity factor is applied to determine the means by which the vulnerability may be exploited. For instance, simple attacks, such as those performed in a browser or automated with publicly available tools, are considered higher risk, in contrast with attacks that require custom-coded scripts.

If you are a Cenzic customer, we have a very detailed and technical white paper that outlines this scoring system. As it is proprietary information, we’ll need to ensure you are a current customer, so email your full company contact details to the address below for your copy today: request@cenzic.com