
Web application - TruRisk™ Details

On the TruRisk™ Details page, you can view the contributing factors for the TruRisk™ score of the selected web application. 

The TruRisk™ Score helps you prioritize the web applications you should consider for scans. If the web application does not have any detections, the risk score will be zero.


TruRisk™ Calculation 

TruRisk™ Score is the overall risk score assigned to the asset based on the following contributing factors:

a) Asset Criticality Score (ACS)

b) Qualys Detection Score (QDS) for each QID level. For details of QDS calculation, see QDS Details.

c) Auto-assigned weighting factor (w) for each criticality level of QIDs

The TruRisk™ Score ranges from 0 to 1000 and indicates risk as follows:

- Severe: 850-1000

- High: 700-849

- Medium: 500-699

- Low: 0-499

Formula 

trurisk formula.

where, 

- ACS is the Asset Criticality Score. See Asset Criticality Score.

- w is the weighting factor for each severity level of QIDs [critical(c), high(h), medium(m), low(l)]

- Avg(QDS) is the average of Qualys Detection Score for each severity level of QIDs

- np.power is a constant with the value 0.01

Click Risk Calculation to view the calculation for the selected web application. For example, 

The TruRisk™ Score changes in the following scenarios:

- Change in Asset Criticality Score of the tag assigned to the web application

- Findings (vulnerability and sensitive content) with QDS > 0 are detected

- Detections with Fixed status are not considered for TruRisk™ score calculation

- If the web application is purged, the TruRisk™ score will be zero

Asset Criticality Score 

The Asset Criticality Score (ACS) is calculated based on multiple tags assigned to the asset with Asset Criticality Scores (ACS) defined. The highest score is considered for the ACS if multiple tags are assigned to the asset.

For example, if you assign 5 tags to your asset, the tag with the highest value between 1-5 will be considered the contributing factor while calculating the TruRisk™ Score.

 
- If no tag is assigned to the web application, then the default value of ACS will be 2. 
- If a tag with ACS value 1 is assigned, then ACS value 1 is considered instead of the default value 2.
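
The ACS rules above and the risk bands listed under TruRisk™ Calculation, applied to a small inventory. This is an added example, not Qualys code: the function names, the sample applications and their scores are constructed, and ordering by score and then by ACS is an assumption about how you might queue scans.

```python
DEFAULT_ACS = 2  # from the page: applies only when no tag is assigned

# Risk bands from the page as (lowest score in band, label), highest first.
BANDS = [(850, "Severe"), (700, "High"), (500, "Medium"), (0, "Low")]


def resolve_acs(tag_acs_values):
    """Return the ACS for a web app given the ACS (1-5) of each assigned tag."""
    values = list(tag_acs_values)
    if not values:
        return DEFAULT_ACS
    for value in values:
        if not 1 <= value <= 5:
            raise ValueError(f"ACS must be between 1 and 5, got {value}")
    # Highest tag wins. A lone ACS-1 tag yields 1, below the untagged default.
    return max(values)


def risk_band(score):
    """Map a TruRisk score (0-1000) to the band named on the page."""
    if not 0 <= score <= 1000:
        raise ValueError(f"score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)


def triage(apps):
    """Return (name, acs, score, band) rows, highest score first, ties by ACS."""
    rows = [(a["name"], resolve_acs(a["tag_acs"]), a["score"], risk_band(a["score"]))
            for a in apps]
    return sorted(rows, key=lambda r: (-r[2], -r[1]))


# Constructed sample inventory (hypothetical names, tag ACS values and scores).
APPS = [
    {"name": "docs.example.test", "tag_acs": [2, 4], "score": 0},
    {"name": "sandbox.example.test", "tag_acs": [1], "score": 640},
    {"name": "intranet.example.test", "tag_acs": [], "score": 640},
    {"name": "shop.example.test", "tag_acs": [3, 5, 1], "score": 870},
]

if __name__ == "__main__":
    for row in triage(APPS):
        print("{:<24} ACS={} score={:>4} {}".format(*row))
```

The sandbox row shows the case from the last bullet: a single tag with ACS 1 puts the application below an untagged one, which keeps the default of 2.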