Questions tagged [metrics]
24 questions
1
vote
0 answers
What are the XSStrike metrics "Confidence" and "Efficiency"?
This is regarding the XSS scanning tool XSStrike. The tool produces three elements in a given report:
XSS Payload
Confidence
Efficiency
Does anyone know what the metrics Confidence and Efficiency are measuring? I can hazard a guess that it suggests…
user219293
- 11
- 1
1
vote
1 answer
Malware Threat Hunting in Airport Systems - KPIs/Metrics to Track
I am trying to figure out how to detect potential threats from malware in various systems installed in the airport.
To be specific, my focus is on the following systems in airports:
Baggage Handling System (BHS)
X-ray machines
CCTV
Building…
SamRoy
- 111
- 2
1
vote
0 answers
Quantifying security with metrics
I am working on a state-of-the-art quantification of security, meaning a numerical assessment of security for a system.
In my research, most of the work is not recent (up to 2012 so far) and is really theoretical. Most of the work is done with semi…
Ecterion
- 103
- 7
1
vote
1 answer
Why don't we measure the strength of crypto against the cost it would take to crack it?
I hear all the time how many hours it would take to break a certain type of encryption. I think this may be the wrong metric to look at ever since scaling became an easy-to-implement solution.
Sure you can measure the hours it would take to break…
codykochmann
- 277
- 1
- 6
0
votes
1 answer
Main factors that influence information security effectiveness?
What are the main factors that influence information security effectiveness (besides top management support, employee training and use of security policies)?
QuachTT
- 11
0
votes
0 answers
Is it possible to exec pods in Kubernetes via a metrics server?
I am trying to exec arbitrary commands on a pod via the Kubernetes metrics server. I am doing so by sending HTTP requests to the metrics server endpoint.
These are the paths that I can send requests to:
{
"paths": [
"/apis",
…
0
votes
1 answer
Kubernetes user impersonation to obtain exec privileges
I am exploring CVE-2018-1002105 about privilege escalation vulnerabilities in Kubernetes. As a remote unauthenticated user, I would want to make use of a metrics server deployed on my cluster to exec arbitrary commands on any pod.
I am quite…
0
votes
3 answers
What are some metrics to be used to evaluate SaaS security?
What are some metrics to be used to evaluate a SaaS app's security?
Some examples:
static code analysis (Fortify)
code coverage (bugs being a potential source of vulnerabilities)
others?
In case it isn't obvious, the code is available to audit and…
Blaze
- 322
- 3
- 13
-1
votes
1 answer
Security comparisons between two approaches: how to distinguish FUD from Substance?
Background:
WorkerB and Tymac were discussing the pros and cons of using two different alternatives for extending a web content management system that is used in their company.
Alternative one allows a developer to extend the CMS using home-grown…
dreftymac
- 371
- 1
- 9