High Risk Classification

high
skysiege
risk

Definition ¶

High risk vulnerabilities are those with severe compromises in their design, especially when compared to modern, more secure architectures. These vulnerabilities are often significant contributors to known security compromises in the wild. They have multiple alternative designs or solutions that can mitigate the inherent risks in their common configurations.

High Risks can be summarised as:

This needs fixing urgently

Characteristics ¶

High Risk Vulnerabilities usually have the following characteristics:

Are known vulnerabilities and targeted by more experienced attackers. Automated tooling can be available and used within a suite of tools to eventually compromise the target
Do not require a large time horizon, allowing for compromise within hours or days when targeted
Associated with a wide threat surface, allowing multiple opportunities for exploitation
Less accepted as within industry norms and best practices and therefore more likely to be compromised during widespread attacks

SkySiege Test Examples ¶

EC2 Instances with Public Networking - allowing direct communications to EC2 machines from any internet connected devices
Public Access to EKS Control Plane - allowing any endpoint to attempt communications with your Kubernetes API
Default VPCs Available - allowing implicit configuration of infrastructure to commonly insecure network configurations
AWS CloudTrail Disabled - missing critical monitoring data and logs

Response ¶

High risk vulnerabilities should should be treated as likely compromise origins and require replacement as soon as possible. They may continue operating in the short term should they be business critical, but so get due attention and prioritisation to ensure that they are fixed as soon as possible.

Fixing High risk vulnerabilities is more important than features. They can be less important than maintaining up time, however, we advise utilising downtime budgets to replace High risk vulnerabilities as needed. It is important to get High risk vulnerabilities removed in as short a time frame as practical.

High risk vulnerabilities should fail an audit resulting in blocking of certifications, launches or insurance.

Related Tests

Critical Risk Classification

SkySiege Documentation detailing the 'Critical Risk' categorisation and what that means to your security posture and practical consequences

Critical skysiege risk

High Risk Classification

SkySiege Documentation detailing the 'High Risk' categorisation and what that means to your security posture and practical consequences

High skysiege risk

Moderate Risk Classification

SkySiege Documentation detailing the 'Moderate Risk' categorisation and what that means to your security posture and practical consequences

Moderate skysiege risk

Low Risk Classification

SkySiege Documentation detailing the 'Low Risk' categorisation and what that means to your security posture and practical consequences

Low skysiege risk

Advisory Risk Classification

SkySiege Documentation detailing the 'Advisory Risk' categorisation and what that means to your security posture and practical consequences

Advisory skysiege risk

Risk Catalogue

Risk:: Advisory
Risk:: Low
Risk:: Moderate
Risk:: High
Risk:: Critical