PHPackages cybergates/assessment - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. cybergates/assessment ActiveLibrary[Security](/categories/security) cybergates/assessment ===================== Information Systems Security Assessment library. 85521PHP Since Feb 7Pushed 8y ago1 watchersCompare [ Source](https://github.com/CYBERGATES/Assessment)[ Packagist](https://packagist.org/packages/cybergates/assessment)[ RSS](/packages/cybergates-assessment/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependenciesVersions (1)Used By (0) CYBER GATES ® Information Systems Security Assessment library inspired by [OWASP risk rating methodology](https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology) ======================================================================================================================================================================== [](#cyber-gates--information-systems-security-assessment-library--inspired-by-owasp-risk-rating-methodology) Introduction ------------ [](#introduction) Information Systems Security Assessment library is a collection of methods used to evaluate risk in your Information Systems based on existing vulnerabilities and previous incidents. Initially this library was designed for the [professional cloud-based security solution](https://onlineservices.cybergates.org/en/websecurity/) which allows you to determine the importance of potential risks to your online business. Please feel free to use this library in your projects and/or extend its functionality by creating new pull requests on Github. More information about [CYBER GATES ® Web Application Compliance & Risk Management](https://onlineservices.cybergates.org/en/websecurity/) solution may be found here: . Requirements ------------ [](#requirements) This library requires PHP 5.4.0 or better to work properly. No other extensions or dependencies are required. Installation ------------ [](#installation) ### Via composer [](#via-composer) #### Stable version [](#stable-version) `php composer.phar require "cybergates/assessment"` #### Latest development version [](#latest-development-version) `php composer.phar require "cybergates/assessment":"dev-master"` Example usage ------------- [](#example-usage) (see `CompromiseIndicator.php`) ``` use CYBERGATES\Assessment\Risk\Impact\Technical as TechnicalImpact; use CYBERGATES\Assessment\Risk\Impact\Business as BusinessImpact; use CYBERGATES\Assessment\Risk\Indicator\Compromise as CompromiseIndicator; // This path needs to be configured properly require __DIR__.'/../../../autoload.php'; $incident = new CompromiseIndicator(); $incident ->setTechnicalImpact( new TechnicalImpact( // How much data could be disclosed and how sensitive is it? 9, // How much data could be corrupted and how damaged is it? 7, // How much service could be lost and how vital is it? 5, // Are the threat agents' actions traceable to an individual? 8 )) ->setBusinessImpact( new BusinessImpact( // How much financial damage will result from an exploit? 1, // Would an exploit result in reputation damage that would harm the business? 2, // How much exposure does non-compliance introduce? 1, // How much personally identifiable information could be disclosed? 5 )); $incident->setDetails([ 'date reported' => 1515890440, // 2018-01-14T00:40:40+00:00 'status' => CompromiseIndicator::STATUS_OPEN ]); $incident->evaluate(); echo 'Incident risk level is '. $incident->getSeverityLevel()."\r\n"; ``` If you change the status of a security event, then the risk severity level will be changed accordingly. ``` $incident->setDetails([ 'status' => CompromiseIndicator::STATUS_RESOLVED ]); ``` Using risk manager for estimating the overall risk. --------------------------------------------------- [](#using-risk-manager-for-estimating-the-overall-risk) (see `RiskManager.php`) Risk management helps you identify and address the risks facing your business and in doing so increase the likelihood of successfully achieving your businesses objectives. ``` use CYBERGATES\Assessment\Risk\Impact\Technical as TechnicalImpact; use CYBERGATES\Assessment\Risk\Impact\Business as BusinessImpact; use CYBERGATES\Assessment\Risk\Factor\Vulnerability as VulnerabilityFactor; use CYBERGATES\Assessment\Risk\Factor\ThreatAgent as ThreatAgentFactor; use CYBERGATES\Assessment\Risk\Indicator\Exposure as ExposureIndicator; use CYBERGATES\Assessment\Risk\Indicator\Compromise as CompromiseIndicator; use CYBERGATES\Assessment\Risk\Manager as RiskManager; // This path needs to be configured properly require __DIR__.'/../../../autoload.php'; $vulnerability = new ExposureIndicator(); $vulnerability ->setLikelihood( new ThreatAgentFactor( // How technically skilled is this group of threat agents? 7, // How motivated is this group of threat agents to find and exploit this vulnerability? 5, // What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability? 8, // How large is this group of threat agents? 1 ), new VulnerabilityFactor( // How easy is it for this group of threat agents to discover this vulnerability? 9, // How easy is it for this group of threat agents to actually exploit this vulnerability? 8, // How well known is this vulnerability to this group of threat agents? 4, // How likely is an exploit to be detected? 2 )) ->setTechnicalImpact( new TechnicalImpact( // How much data could be disclosed and how sensitive is it? 9, // How much data could be corrupted and how damaged is it? 8, // How much service could be lost and how vital is it? 5, // Are the threat agents' actions traceable to an individual? 8 )) ->setBusinessImpact( new BusinessImpact( // How much financial damage will result from an exploit? 1, // Would an exploit result in reputation damage that would harm the business? 0, // How much exposure does non-compliance introduce? 1, // How much personally identifiable information could be disclosed? 2 )); $vulnerability->evaluate(); echo 'Vulnerability risk level is '. $vulnerability->getSeverityLevel()."\r\n"; // Example of an actual incident $incident = new CompromiseIndicator(); $incident ->setTechnicalImpact( new TechnicalImpact( // How much data could be disclosed and how sensitive is it? 9, // How much data could be corrupted and how damaged is it? 1, // How much service could be lost and how vital is it? 7, // Are the threat agents' actions traceable to an individual? 9 )) ->setBusinessImpact( new BusinessImpact( // How much financial damage will result from an exploit? 1, // Would an exploit result in reputation damage that would harm the business? 2, // How much exposure does non-compliance introduce? 7, // How much personally identifiable information could be disclosed? 9 )); $incident->setDetails([ 'date reported' => 1515890440, // 2018-01-14T00:40:40+00:00 'status' => CompromiseIndicator::STATUS_OPEN ]); $incident->evaluate(); echo 'Incident risk level is '. $incident->getSeverityLevel()."\r\n"; // Example of resolved incident $incident2 = new CompromiseIndicator(); $incident2 ->setTechnicalImpact( new TechnicalImpact( // How much data could be disclosed and how sensitive is it? 9, // How much data could be corrupted and how damaged is it? 7, // How much service could be lost and how vital is it? 5, // Are the threat agents' actions traceable to an individual? 8 )) ->setBusinessImpact( new BusinessImpact( // How much financial damage will result from an exploit? 1, // Would an exploit result in reputation damage that would harm the business? 2, // How much exposure does non-compliance introduce? 1, // How much personally identifiable information could be disclosed? 5 )); $incident2->setDetails([ 'date reported' => 1515890440, // 2018-01-14T00:40:40+00:00 'status' => CompromiseIndicator::STATUS_RESOLVED ]); $incident2->evaluate(); echo 'Another incident risk level is '. $incident2->getSeverityLevel()."\r\n"; $riskManager = new RiskManager; $riskManager->setIndicators([ $vulnerability, $incident, $incident2 ]); $riskManager->evaluate(); echo 'Overall risk level is '. $riskManager->getSeverityLevel()."\r\n"; ``` Using risk scoring system ------------------------- [](#using-risk-scoring-system) (see `RiskScores.php`) The risk scoring system is easy to use. You can get risk severity level even by providing the the date an incident occurred. ``` use CYBERGATES\Assessment\Risk\Severity\Level as RiskLevel; use CYBERGATES\Assessment\Risk\Severity\Score as RiskScore; // This path needs to be configured properly require __DIR__.'/../../../autoload.php'; echo "Min threshold for high level risk score is ".RiskScore::SCORE_HIGH_MIN."\r\n"; echo "Risk severity level for 9.2 score is ".RiskLevel::getByScore(9.2)."\r\n"; echo "If a security event occured on '2017-11-20T07:08:11+00:00' then risk severity level is ".RiskLevel::getByDate(1511161691)."\r\n"; echo "You can sort a list of risk severity levels:\r\n"; $levels = RiskLevel::sort([ 'medium', 'none', 'high', 'low', 'critical', 'high' ]); var_dump($levels); echo "\r\n"; echo "You can get overall risk level by risk matrix('medium','critical'):\r\n"; echo RiskLevel::getByMatrix('medium', 'critical'); ``` Notes ----- [](#notes) The latest version of the package and example scripts resides at Contributing ------------ [](#contributing) If you want to extend functionality or correct a bug, feel free to create a new pull request on Github's repository Credits ------- [](#credits) - Suren Gevorgyan - Edgar Chraghyan ### Health Score 25 — LowBetter than 37% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity20 Limited adoption so far Community8 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/7cb98a93090a4b90f7f0adcbe18298c5b671a4c66bd0a530fe98d5d08f70d390?d=identicon)[SamvelG](/maintainers/SamvelG) --- Top Contributors [![SamvelG](https://avatars.githubusercontent.com/u/2779831?v=4)](https://github.com/SamvelG "SamvelG (10 commits)") --- Tags applicationassessmentcyberincidentinformationmanagementriskrisk-assessmentrisk-managementsecuritysystemvulnerabilityweb ### Embed Badge ![Health badge](/badges/cybergates-assessment/health.svg) ``` [![Health](https://phpackages.com/badges/cybergates-assessment/health.svg)](https://phpackages.com/packages/cybergates-assessment) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)