I have come across a situation where I need to specify the "Level of
Exploitation" to the client ( a govt. agency). I was able to do SQL
Injection, Cross Site Scripting attacks against the web application.
Could you share your ideas about level of exploitation. What level we
can give for SQL Injection, Cross site scripting, buffer overflow, TCP
thanks in advance