Cenzic HARM® Score
Quantifying Dynamic Application Security Testing (DAST)
The Cenzic HARM (Hailstorm Application Risk Metric) Score is a quantitative score for the risk associated with an application. Cenzic is the only company that prioritizes customer's Cloud, Mobile and Web application vulnerabilities based on this unique scoring system, allowing you to prioritize and fix the big issues first.
The HARM score helps you better understand your applications' risks, measure progress toward security goals such as protecting your brand or getting compliant with regulations, and also gives you a measurement of your security baseline. For a given application, the HARM score is calculated by a series of formulas that determine how vulnerabilities detected by a potential attack are weighted. The HARM base score sums both applications' total vulnerability profile and vulnerabilities detected by a particular SmartAttack in each application considering the following four areas:
A complexity factor is applied to determine the means by which the vulnerability may be exploited. For instance, simple attacks such as those performed in a browser or automated with publicly available tools are considered higher risk. These are in contrast with attacks that require custom coded scripts.