![[Pasted\ image\ 20250903142603.png]]
Prioritization of Possible Attacks
Once we have found one or two vulnerabilities during the Vulnerability Assessment stage that we can apply to our target network/system, we can prioritize those attacks. Which of those attacks we prioritize higher than the others depends on the following factors:
- Probability of Success
- Complexity
- Probability of Damage
Prioritization Example
| Factor | Points | Remote File Inclusion | Buffer Overflow |
|---|---|---|---|
| 1. Probability of Success | 10 |
10 | 8 |
| 2. Complexity - Easy | 5 |
4 | 0 |
| 3. Complexity - Medium | 3 |
0 | 3 |
| 4. Complexity - Hard | 1 |
0 | 0 |
| 5. Probability of Damage | -5 |
0 | -5 |
| Summary | max. 15 |
14 | 6 |
Based on the above example, we would prefer the remote file inclusion attack. It is easy to prepare and execute and should not cause any damage if approached carefully.