Potential vulnerabilities and business logic flaws
Classification | Ratings | Description |
---|---|---|
Severity | `info`, `low`, `medium`, `high` | The severity of the finding. |
Feasibility | `easy`, `medium`, `hard` | The ease of exploiting the finding. |
Effort | `easy`, `medium`, `hard` | The effort to remediate the finding. |
`info`, `low`, `medium`, or `high` based on the severity of the finding. You are probably familiar with the severity of a finding from other tools. However, with Ghost, you won't find many of the low severity findings that you are used to seeing.
`easy`. A finding that requires a potential attacker to perform additional actions or gain additional privileges would have a higher feasibility rating.
`easy`. A finding that requires a more complex change to the code or a more involved process is considered to have a higher remediation effort rating.
If you have a finding that is `high` severity and `easy` to remediate, you might consider that an Easy Win and prioritize it accordingly.
Similarly, if you have a finding that is `high` severity and `easy` to exploit, you might consider that a Risky Target and prioritize it to be fixed urgently.