Questions tagged [metrics]

24 questions
1
vote
0 answers

What are the XSStrike metrics "Confidence" and "Efficiency"?

This is regarding the XSS scanning tool XSStrike. The tool produces three elements in a given report: XSS Payload, Confidence, Efficiency. Does anyone know what the metrics Confidence and Efficiency are measuring? I can hazard a guess that it suggests…
user219293
1
vote
1 answer

Malware Threat Hunting in Airport Systems - KPIs/Metrics to Track

I am trying to figure out how to detect potential threats from malware in various systems installed in the airport. To be specific, my focus is on the following systems in airports: Baggage Handling System (BHS), X-ray machines, CCTV, Building…
1
vote
0 answers

Quantifying security with metrics

I am working on a state-of-the-art quantification of security, meaning a numerical assessment of security for a system. In my research, most of the work is not recent (up to 2012 so far) and is really theoretical. Most of the work is done with semi…
Ecterion
1
vote
1 answer

why don't we measure the strength of crypto against the cost it would take to crack it?

I hear all the time how many hours it would take to break a certain type of encryption. I think this may be the wrong metric to look at ever since scaling became an easy to implement solution. Sure you can measure the hours it would take to break…
0
votes
1 answer

Main factors that influence information security effectiveness?

What are the main factors that influence information security effectiveness (besides top management support, employee training and use of security policies)?
QuachTT
0
votes
0 answers

Is it possible to exec pods in Kubernetes via a metrics server?

I am trying to exec arbitrary commands on a pod via the Kubernetes metrics server. I am doing so by sending HTTP requests to the metrics server endpoint. These are the paths that I can send requests to: { "paths": [ "/apis", …
0
votes
1 answer

Kubernetes user impersonation to obtain exec privileges

I am exploring CVE 2018-1002105 about privilege escalation vulnerabilities in Kubernetes. As a remote unauthenticated user, I would want to make use of a metrics server deployed on my cluster to exec arbitrary commands on any pod. I am quite…
0
votes
3 answers

What are some metrics to be used to evaluate SaaS security?

What are some metrics to be used to evaluate a SaaS app's security? Some examples: static code analysis (Fortify); code coverage (bugs being a potential source of vulnerabilities); others? In case it isn't obvious, the code is available to audit and…
Blaze
-1
votes
1 answer

Security comparisons between two approaches: how to distinguish FUD from Substance?

Background: WorkerB and Tymac were discussing the pros-and-cons of using two different alternatives for extending a web content management system that is used in their company. Alternative one allows a developer to extend the CMS using home-grown…
dreftymac