What is Quality of Detection (QoD)?
This concept also solves the challenge of potential vulnerabilities. Such results are always recorded and kept in the results database but are only visible on demand.
While the QoD range allows expressing the quality quite fine-grained, in fact most of the test routines use a standard methodology. Therefore QoD types are associated with a QoD value. The current list of types might be extended over time.
| QoD | QoD type | Description |
|---|---|---|
| 100% | exploit | The detection happened via an exploit and therefore is fully verified. |
| 99% | remote_vul | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response clearly shows the presence of the vulnerability. |
| 98% | remote_app | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response clearly shows the presence of the vulnerable application. |
| 97% | package | Authenticated package-based checks for Linux(oid) systems. |
| 97% | registry | Authenticated registry-based checks for Windows systems. |
| 95% | remote_active | Remote active checks (code execution, traversal attack, SQL injection etc.) where the response shows the likely presence of the vulnerable application or of the vulnerability. "Likely" means that only rare circumstances are possible where the detection would be wrong. |
| 80% | remote_banner | Remote banner check of applications that offer patch level in version. Many proprietary products do so. |
| 80% | executable_version | Authenticated executable version checks for Linux(oid) or Windows systems where applications offer patch level in version. |
| 75% | | This value was assigned to any pre-QoD results during system migration. However, some NVTs eventually might own this value for some reason. |
| 70% | remote_analysis | Remote checks that do some analysis but which are not always fully reliable. |
| 50% | remote_probe | Remote checks where intermediate systems such as firewalls might pretend correct detection so that it is actually not clear whether the application itself answered. This can happen for example for non-TLS connections. |
| 30% | remote_banner_unreliable | Remote banner checks of applications that don't offer patch level in version identification. For example, this is the case for many Open Source products due to backport patches. |
| 30% | executable_version_unreliable | Authenticated executable version checks for Linux(oid) systems where applications don't offer patch level in version identification. |
| 1% | general_note | General note on potential vulnerability without finding any present application. |
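As an added illustration of how the table above is applied in practice (this is example code written for this page, not Greenbone's own code nor part of the answer), the script below parses a small, constructed result list and applies a minimum-QoD filter. It assumes a simplified layout modelled on the `<qod><value/><type/></qod>` element of a GMP `get_results` response, a threshold of 70 as the default filter value, and 75 as the fallback for results that carry no QoD value (the migration value from the table); all three are assumptions, and the sample results are invented.

```python
"""Added example: apply QoD types/values from the table to scan results.

Not Greenbone code. The XML shape is an assumption modelled on the <qod>
element of a GMP get_results response; the sample data is constructed.
"""
import xml.etree.ElementTree as ET

# QoD type -> default QoD value (percent), taken from the table on the page.
QOD_BY_TYPE = {
    "exploit": 100,
    "remote_vul": 99,
    "remote_app": 98,
    "package": 97,
    "registry": 97,
    "remote_active": 95,
    "remote_banner": 80,
    "executable_version": 80,
    "remote_analysis": 70,
    "remote_probe": 50,
    "remote_banner_unreliable": 30,
    "executable_version_unreliable": 30,
    "general_note": 1,
}

MIGRATION_QOD = 75     # value the table says pre-QoD results received
DEFAULT_MIN_QOD = 70   # assumption: threshold used as the default filter

# Constructed sample (not a real scan); a simplified subset of a GMP response.
SAMPLE_RESULTS_XML = """<get_results_response status="200">
  <result id="r1"><name>OpenSSH version check</name><host>192.0.2.10</host>
    <severity>7.5</severity>
    <qod><value>30</value><type>remote_banner_unreliable</type></qod></result>
  <result id="r2"><name>Missing distro package update</name><host>192.0.2.10</host>
    <severity>9.8</severity>
    <qod><value>97</value><type>package</type></qod></result>
  <result id="r3"><name>Service behind middlebox</name><host>192.0.2.11</host>
    <severity>5.0</severity>
    <qod><value>50</value><type>remote_probe</type></qod></result>
  <result id="r4"><name>Potential issue, application not found</name><host>192.0.2.11</host>
    <severity>0.0</severity>
    <qod><type>general_note</type></qod></result>
  <result id="r5"><name>Directory traversal confirmed</name><host>192.0.2.12</host>
    <severity>7.5</severity>
    <qod><value>99</value><type>remote_vul</type></qod></result>
</get_results_response>
"""


def qod_value(qod_elem):
    """Return the QoD percentage; fall back to the type's default (or the
    migration value for unknown types) when the result carries no value."""
    value = qod_elem.findtext("value")
    if value is not None and value.strip():
        return int(value)
    qtype = qod_elem.findtext("type", default="")
    return QOD_BY_TYPE.get(qtype, MIGRATION_QOD)


def parse_results(xml_text):
    """Flatten <result> elements into dicts with a resolved QoD value."""
    root = ET.fromstring(xml_text)
    results = []
    for r in root.findall("result"):
        qod = r.find("qod")
        results.append({
            "id": r.get("id"),
            "name": r.findtext("name"),
            "host": r.findtext("host"),
            "severity": float(r.findtext("severity", default="0")),
            "qod": qod_value(qod) if qod is not None else MIGRATION_QOD,
            "qod_type": qod.findtext("type", default="") if qod is not None else "",
        })
    return results


def filter_by_qod(results, min_qod=DEFAULT_MIN_QOD):
    """Keep only results whose QoD meets the threshold (the min_qod filter)."""
    return [r for r in results if r["qod"] >= min_qod]


def triage(results, min_qod=DEFAULT_MIN_QOD):
    """IDs to act on: most severe first, higher QoD breaks ties."""
    shown = filter_by_qod(results, min_qod)
    shown.sort(key=lambda r: (r["severity"], r["qod"]), reverse=True)
    return [r["id"] for r in shown]


def hidden_by_default(results, min_qod=DEFAULT_MIN_QOD):
    """Recorded but hidden: what becomes visible only when min_qod is lowered."""
    return [r["id"] for r in results if r["qod"] < min_qod]


if __name__ == "__main__":
    rs = parse_results(SAMPLE_RESULTS_XML)
    print("shown  at min_qod=70:", triage(rs))
    print("hidden at min_qod=70:", hidden_by_default(rs))
    print("shown  at min_qod=0: ", triage(rs, 0))
```

Note the last result: it has a type but no value, so its QoD is resolved from the table to 1%, and it stays in the database but only surfaces when the threshold is lowered, which is the "visible on demand" behaviour described above.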