Cybersecurityknowledge~30 mins

Vulnerability classification (CVSS) in Cybersecurity - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Practice Challenge Project Recall Time

Vulnerability Classification Using CVSS

📖 Scenario: You work in a cybersecurity team that needs to classify software vulnerabilities to understand their severity. You will use the Common Vulnerability Scoring System (CVSS) to organize vulnerabilities by their scores.

🎯 Goal: Create a simple classification system that groups vulnerabilities by their CVSS score ranges: Low, Medium, High, and Critical.

📋 What You'll Learn

Create a dictionary called vulnerabilities with exact CVSS scores for given vulnerabilities

Create a variable called classification as an empty dictionary to hold groups

Use a for loop with variables vuln and score to iterate over vulnerabilities.items()

Add the correct severity label to each vulnerability based on its CVSS score using the exact ranges

💡 Why This Matters

🌍 Real World

Security teams use CVSS scores to prioritize fixing vulnerabilities based on their severity to protect systems effectively.

💼 Career

Understanding how to classify and organize vulnerabilities by severity is essential for cybersecurity analysts and engineers to manage risks.

Progress0 / 4 steps

Create the vulnerabilities dictionary

Create a dictionary called vulnerabilities with these exact entries: 'SQL Injection': 9.8, 'Cross-Site Scripting': 6.1, 'Information Disclosure': 4.3, 'Denial of Service': 7.5, 'Buffer Overflow': 10.0.

Cybersecurity

# Create the vulnerabilities dictionary with exact CVSS scores
# Your code here

Need a hint?

Use curly braces to create a dictionary and separate each entry with a comma.

Create an empty classification dictionary

Create an empty dictionary called classification to store vulnerabilities grouped by severity levels.

Cybersecurity

vulnerabilities = {
    'SQL Injection': 9.8,
    'Cross-Site Scripting': 6.1,
    'Information Disclosure': 4.3,
    'Denial of Service': 7.5,
    'Buffer Overflow': 10.0
}
# Create an empty dictionary called classification
# Your code here

Need a hint?

Use empty curly braces to create an empty dictionary.

Classify vulnerabilities by CVSS score

Use a for loop with variables vuln and score to iterate over vulnerabilities.items(). Inside the loop, assign a severity label to each vulnerability based on its CVSS score: score < 4.0 is 'Low', 4.0 <= score < 7.0 is 'Medium', 7.0 <= score < 9.0 is 'High', and score >= 9.0 is 'Critical'.

Cybersecurity

vulnerabilities = {
    'SQL Injection': 9.8,
    'Cross-Site Scripting': 6.1,
    'Information Disclosure': 4.3,
    'Denial of Service': 7.5,
    'Buffer Overflow': 10.0
}

classification = {}

# Use a for loop to classify vulnerabilities by score
# Your code here

Need a hint?

Use if-elif-else statements inside the loop to assign severity labels.

Add vulnerabilities to classification groups

Inside the for loop, add each vulnerability to the classification dictionary under its severity label. If the label does not exist as a key, create a new list. Append the vulnerability name to the list for its severity.

Cybersecurity

vulnerabilities = {
    'SQL Injection': 9.8,
    'Cross-Site Scripting': 6.1,
    'Information Disclosure': 4.3,
    'Denial of Service': 7.5,
    'Buffer Overflow': 10.0
}

classification = {}

for vuln, score in vulnerabilities.items():
    if score < 4.0:
        severity = 'Low'
    elif 4.0 <= score < 7.0:
        severity = 'Medium'
    elif 7.0 <= score < 9.0:
        severity = 'High'
    else:
        severity = 'Critical'
    # Add vulnerability to classification dictionary
    # Your code here

Need a hint?

Check if the severity key exists in the dictionary. If not, create a list. Then add the vulnerability to that list.