
Questions tagged [metrics]

3 votes
2 answers
2k views

Let's say there is an XSS vulnerability in a web application. The XSS allows an attacker to hijack the user's session. Within the session, the attacker can view/modify the user's credit card and ...
mateleco's user avatar
  • 110
0 votes
0 answers
150 views

Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc.. Now let's say we know that there are entities on ...
vl.b's user avatar
  • 1
2 votes
2 answers
374 views

I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from ...
xk58945's user avatar
  • 21
0 votes
1 answer
393 views

I am exploring CVE 2018-1002105 about privilege escalation vulnerabilities in Kubernetes. As a remote unauthenticated user, I would want to make use of a metrics server deployed on my cluster to exec ...
SarahAlexa's user avatar
1 vote
2 answers
327 views

I've recently been given a set of guidance notes on CVSS; but the guidance isn't making sense. I've sent a query off, but got no response. So asking here. Say you have an exploit (can ignore base for ...
Amiga500's user avatar
  • 142
1 vote
1 answer
297 views

I am trying to figure out how to detect potential threats from malware in various systems installed in the airport. To be specific, my focus is on the following systems in airports: Baggage Handling ...
SamRoy's user avatar
  • 111
2 votes
1 answer
177 views

I intend to train an RNN on snapshots of the VM metrics to classify malware. I will, therefore, run hundreds of different pieces of malware inside that VM. It has been isolated from my host (as best ...
Cobalt Scales's user avatar
3 votes
1 answer
1k views

By looking at probability graphs for nodes at metrics.torproject.org, it seems that exit nodes can't also be guards (they have 0.0000% probability of serving as guard) and vice versa. Why is that so?
white_poppy's user avatar
4 votes
2 answers
2k views

I work in an organisation with 3 levels as far as information security is concerned. I'm sitting at level two where we develop policies and also assist with the standards. One of the most difficult ...
Katlego M's user avatar
1 vote
0 answers
242 views

I am working on a state-of-the-art quantification of security, meaning a numerical assessment of security for a system. In my research, most of the work is not recent (up to 2012 so far) and is ...
Ecterion's user avatar
  • 103
0 votes
3 answers
695 views

What are some metrics to be used to evaluate a SaaS app's security? Some examples: static code analysis (Fortify) code coverage (bugs being a potential source of vulnerabilities) others? In case it ...
Blaze's user avatar
  • 394
5 votes
2 answers
5k views

I have been trying to find a definition of triage in relation to Information Security but cannot find any online. From the different examples given online (i.e. medical world), it seems related to ...
user92592's user avatar
  • 554
1 vote
1 answer
199 views

I hear all the time how many hours it would take to break a certain type of encryption. I think this may be the wrong metric to look at ever since scaling became an easy to implement solution. Sure ...
codykochmann's user avatar
3 votes
2 answers
717 views

Thinking about software security metrics currently I've thought about the following software security metrics: number/type of CWE detected by developers (bug reporting) number/type of CWE detected by ...
boos's user avatar
  • 1,096
6 votes
1 answer
1k views

The calculation of RAVs in OSSTMM seem very useful as a security metric but, can they be the base for a risk assessment methodology compliant with the new ISO 27001:2013 and ISO 31000? ISO 27001:2013 ...
kinunt's user avatar
  • 2,789
