Some Web application vulnerabilities expose an organization to higher risk than others. It is important to evaluate the
risks associated with each vulnerability in order to prioritize their resolution. For example, a vulnerability that is
easy to discover and exploit (and would allow an attacker to steal sensitive user data or crash the application) should
be fixed before a vulnerability that is very difficult to discover, takes a very highly skilled attacker, and has a low
damage potential.
There are different methodologies for evaluating the risks associated with security vulnerabilities. These
methodologies typically take into account factors such as ease of discovery, time to exploit, attacker skill level, and
so on.
Once you have evaluated the security risks, rank the vulnerabilities and create a list with the highest-priority
ones at the top.
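The evaluate-then-rank procedure above, as an added example that is not part of the original page. It scores the factors the text names (ease of discovery, time to exploit, attacker skill, damage potential) on a 0-9 scale, combines them as likelihood times impact in the style of the OWASP Risk Rating Methodology, and sorts the result; the scale, the weighting and the sample findings are assumptions, not values from the page.

```python
from dataclasses import dataclass

# Each factor is rated 0-9 (assumed scale): 9 = worst for the defender.
@dataclass(frozen=True)
class Vulnerability:
    name: str
    ease_of_discovery: int   # 9 = found by any scanner, 1 = needs source review
    ease_of_exploit: int     # 9 = seconds with a public tool, 1 = days of work
    low_skill_required: int  # 9 = no skill needed, 1 = expert required
    damage_potential: int    # 9 = data theft / full outage, 1 = negligible

    def likelihood(self) -> float:
        # Average of the three likelihood factors (OWASP-style).
        return (self.ease_of_discovery + self.ease_of_exploit
                + self.low_skill_required) / 3

    def impact(self) -> float:
        return float(self.damage_potential)

    def risk_score(self) -> float:
        # Sum first, divide last, so the score is exact for integer inputs.
        total = (self.ease_of_discovery + self.ease_of_exploit
                 + self.low_skill_required)
        return total * self.damage_potential / 3

def band(value: float) -> str:
    """Collapse a 0-9 value into the three OWASP bands."""
    return "LOW" if value < 3 else "MEDIUM" if value < 6 else "HIGH"

# (impact band, likelihood band) -> overall severity, per the OWASP matrix.
SEVERITY = {
    ("LOW", "LOW"): "Note", ("LOW", "MEDIUM"): "Low", ("LOW", "HIGH"): "Medium",
    ("MEDIUM", "LOW"): "Low", ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("HIGH", "LOW"): "Medium", ("HIGH", "MEDIUM"): "High", ("HIGH", "HIGH"): "Critical",
}

def severity(v: Vulnerability) -> str:
    return SEVERITY[(band(v.impact()), band(v.likelihood()))]

def prioritize(vulns: list[Vulnerability]) -> list[tuple[str, str, float]]:
    """Return (name, severity, score) with the highest-priority finding first."""
    ranked = sorted(vulns, key=lambda v: v.risk_score(), reverse=True)
    return [(v.name, severity(v), v.risk_score()) for v in ranked]

# Constructed sample findings mirroring the two cases described in the text.
SAMPLE = [
    Vulnerability("Verbose stack trace on malformed header", 2, 2, 2, 2),
    Vulnerability("Unauthenticated export endpoint returns customer records", 8, 9, 9, 9),
    Vulnerability("Race condition in coupon redemption", 3, 4, 3, 5),
]

if __name__ == "__main__":
    for name, sev, score in prioritize(SAMPLE):
        print(f"{score:5.1f}  {sev:8}  {name}")
```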