What is Quality of Detection (QoD)?

The Quality of Detection (QoD) is a value between 0% and 100% describing the reliability of the executed vulnerability detection or product detection.

This concept also solves the challenge of potential vulnerabilities: such results are always recorded and kept in the results database, but are only visible on demand.

While the QoD range allows the quality to be expressed quite fine-grained, in fact most of the test routines use a standard methodology. Therefore QoD Types are associated with a QoD value. The current list of types might be extended over time.

| QoD | QoD Type | Description |
|-----|----------|-------------|
| 100% | exploit | The detection happened via an exploit and therefore is fully verified. |
| 99% | remote_vul | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response clearly shows the presence of the vulnerability. |
| 98% | remote_app | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response clearly shows the presence of the vulnerable application. |
| 97% | package | Authenticated package-based checks for Linux(oid) systems. |
| 97% | registry | Authenticated registry-based checks for Windows systems. |
| 95% | remote_active | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response shows the likely presence of the vulnerable application or of the vulnerability. "Likely" means that only rare circumstances are possible where the detection would be wrong. |
| 80% | remote_banner | Remote banner check of applications that offer patch level in version. Many proprietary products do so. |
| 80% | executable_version | Authenticated executable version checks for Linux(oid) or Windows systems where applications offer patch level in version. |
| 75% | | This value was assigned to any pre-QoD results during system migration. However, some NVTs eventually might own this value for some reason. |
| 70% | remote_analysis | Remote checks that do some analysis but which are not always fully reliable. |
| 50% | remote_probe | Remote checks where intermediate systems such as firewalls might pretend correct detection so that it is actually not clear whether the application itself answered. This can happen for example for non-TLS connections. |
| 30% | remote_banner_unreliable | Remote banner checks of applications that don't offer patch level in version identification. For example, this is the case for many Open Source products due to backport patches. |
| 30% | executable_version_unreliable | Authenticated executable version checks for Linux(oid) systems where applications don't offer patch level in version identification. |
| 1% | general_note | General note on potential vulnerability without finding any present application. |
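As an added example (not from the original post or from any scanner's code base), a small Python triage script that applies the table above: it reads results from a constructed XML fragment modelled on the `<qod><value/><type/></qod>` element of GMP report output (layout assumed, sample values made up), hides everything below a minimum QoD so that low-confidence "potential vulnerabilities" stay available on demand, and flags results whose QoD value disagrees with the value the table assigns to their QoD type. The 70% default threshold is an assumption, not a value from the post.

```python
import xml.etree.ElementTree as ET

# QoD type -> QoD value, transcribed from the table above.
QOD_BY_TYPE = {
    "exploit": 100, "remote_vul": 99, "remote_app": 98, "package": 97,
    "registry": 97, "remote_active": 95, "remote_banner": 80,
    "executable_version": 80, "remote_analysis": 70, "remote_probe": 50,
    "remote_banner_unreliable": 30, "executable_version_unreliable": 30,
    "general_note": 1,
}

# Constructed sample report (hosts, names and ids are made up); the
# <qod><value/><type/></qod> layout is an assumption about the XML shape.
SAMPLE_REPORT = """<report>
  <result id="r1"><host>10.0.0.5</host><name>Outdated SSH banner</name>
    <qod><value>30</value><type>remote_banner_unreliable</type></qod></result>
  <result id="r2"><host>10.0.0.5</host><name>Missing kernel package update</name>
    <qod><value>97</value><type>package</type></qod></result>
  <result id="r3"><host>10.0.0.9</host><name>Vulnerable web application</name>
    <qod><value>80</value><type>remote_app</type></qod></result>
</report>"""


def parse_results(xml_text):
    """Return one dict per <result> with id, host, name, QoD value and type."""
    results = []
    for r in ET.fromstring(xml_text).iter("result"):
        results.append({
            "id": r.get("id"),
            "host": r.findtext("host"),
            "name": r.findtext("name"),
            "qod": int(r.findtext("qod/value")),
            "qod_type": r.findtext("qod/type"),
        })
    return results


def filter_by_qod(results, min_qod=70):
    """Keep results at or above the threshold (assumed default 70%); anything
    below stays in the data as a 'potential vulnerability' shown on demand."""
    return [r for r in results if r["qod"] >= min_qod]


def qod_mismatches(results):
    """Ids of results whose QoD value disagrees with the table value for their
    type, e.g. a remote_app result reported at 80% instead of 98%."""
    return [r["id"] for r in results
            if r["qod_type"] in QOD_BY_TYPE
            and QOD_BY_TYPE[r["qod_type"]] != r["qod"]]
```

Lowering `min_qod` to 30 brings the hidden banner-based result back into view without re-scanning, which is the on-demand visibility the post describes.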
Community: Mageni