OWASP Risk Rating Calculator
Estimate risk severity using the OWASP Risk Rating Methodology. Select one option per factor — all selections are optional; unselected factors are excluded from the average.
Score Vector
Likelihood
Threat Agent Factors
Skill Level
How technically skilled is this group of threat agents?
Motive
How motivated is this group to find and exploit this vulnerability?
Opportunity
What resources and opportunities are required to exploit this vulnerability?
Size
How large is this group of threat agents?
Vulnerability Factors
Ease of Discovery
How easy is it to discover this vulnerability?
Ease of Exploit
How easy is it to actually exploit this vulnerability?
Awareness
How well known is this vulnerability to threat agents?
Intrusion Detection
How likely is an exploit to be detected?
Impact
Technical Impact Factors
Loss of Confidentiality
How much data could be disclosed and how sensitive is it?
Loss of Integrity
How much data could be corrupted and how damaged is it?
Loss of Availability
How much service could be lost and how vital is it?
Loss of Accountability
Are the threat agents' actions traceable to an individual?
Business Impact Factors
Financial Damage
How much financial damage will result from an exploit?
Reputation Damage
Would an exploit result in reputation damage that would harm the business?
Non-Compliance
How much exposure does non-compliance introduce?
Privacy Violation
How much personally identifiable information could be disclosed?