🛡️ Security Assessment Tool

OWASP Risk Calculator

Calculate security risk severity using the OWASP Risk Rating Methodology

Likelihood Score

1.00

LOW

Impact Score

1.50

LOW

Overall Risk Severity

0.17

NOTE

Application & Vulnerability Information

Application Name *

Business Owner / Stakeholder

Security Assessor

Vulnerability Title

Application Description

Vulnerability Description

Risk Vector String

(SL:1/M:1/O:0/S:2/ED:1/EE:1/A:1/ID:1/LC:2/LI:1/LAV:1/LAC:1/FD:1/RD:1/NC:2/PV:3)

This vector string can be shared with stakeholders for tracking and reproducing the risk assessment.

Likelihood Factors

Red: Threat Agent | Blue: Vulnerability

Risk Severity Gauge

0.17

NOTE

Overall Risk Score (0-9 scale)

Impact Factors

Purple: Technical | Orange: Business

Threat Agent Factors

Motive

Low or no reward1Possible reward4High reward9

Opportunity

Full access or expensive resources required0Special access or resources required4Some access or resources required7No access or resources required9

Vulnerability Factors

Ease of Discovery

Practically impossible1Difficult3Easy7Automated tools available9

Ease of Exploit

Theoretical1Difficult3Easy5Automated tools available9

Awareness

Unknown1Hidden4Obvious6Public knowledge9

Intrusion Detection

Active detection in application1Logged and reviewed3Logged without review8Not logged9

Technical Impact Factors

Loss of Confidentiality

Minimal non-sensitive data disclosed2Extensive non-sensitive data disclosed5Minimal critical data disclosed6Extensive critical data disclosed7All data disclosed9

Loss of Integrity

Minimal slightly corrupt data1Minimal seriously corrupt data3Extensive slightly corrupt data5Extensive seriously corrupt data7All data totally corrupt9

Loss of Availability

Minimal secondary services interrupted1Extensive secondary services interrupted4Minimal primary services interrupted5Extensive primary services interrupted7All services completely lost9

Loss of Accountability

Fully traceable1Possibly traceable7Completely anonymous9

Business Impact Factors

Financial Damage

Less than the cost to fix the vulnerability1Minor effect on annual profit3Significant effect on annual profit7Bankruptcy9

Reputation Damage

Minimal damage1Loss of major accounts4Loss of goodwill5Brand damage9

Non-Compliance

Minor violation2Clear violation5High profile violation7

Privacy Violation

One individual3Hundreds of people5Thousands of people7Millions of people9

About OWASP Risk Rating Methodology

This calculator implements the official OWASP Risk Rating Methodology, providing a systematic and repeatable approach to calculating security risk severity. It helps organizations make informed decisions about security investments by quantifying both the likelihood of successful attacks and their potential business impact.

🎯 Likelihood Factors

Threat Agent:

• Skill Level
• Motive
• Opportunity
• Size

Vulnerability:

• Ease of Discovery
• Ease of Exploit
• Awareness
• Intrusion Detection

💼 Impact Factors

Technical Impact:

• Confidentiality Loss
• Integrity Loss
• Availability Loss
• Accountability Loss

Business Impact:

• Financial Damage
• Reputation Damage
• Non-Compliance
• Privacy Violation

⚡ Risk Severity Scale

Score Ranges:

• 0-3: LOW
• 3-6: MEDIUM
• 6-9: HIGH

Overall Severity:

• NOTE: Low/Low
• LOW: Mixed Low/Med
• MEDIUM: Med/Med
• HIGH: High impact
• CRITICAL: High/High

💡 Business Value: This methodology enables security teams to communicate risks in business terms, prioritize remediation efforts effectively, and make data-driven decisions about security investments aligned with organizational risk appetite.