RMS is a custom security metric developed by Hacktica to quantify how effectively a security control (like a WAF or bot manager) reduces real-world risk.
Hacktica RMS Strengths:
1. Focuses on Controls — Not just risk exposure, but whether the WAF actually mitigates threats.
2. Modular & Transparent — Clear test categories (e.g., SQLi, XSS, Bots, Brute Force), each contributing to the RMS.
3. Entity + Signature + RFC Coverage — You grade not just attack types but how deeply and specifically the WAF inspects.
4. Adaptive Scoring — You can include risk modifiers based on evasions, customization, or emergency response readiness.
5. Better for Tuning — RMS supports configuration improvement, not just pointing out risk.
| Aspect | Hacktica RMS (DSMM Model) |
| --- | --- |
| Focus | Risk mitigation capability |
| Perspective | Measures how much risk is blocked |
| Model | Detection depth + breadth + resilience + readiness |
| Interpretation | Higher = better mitigation |
| Actionability | Shows what is working, what is missing, and what to improve |
| Entity-aware | Yes (E1–E4 level) |
| Signature-aware | Yes (tested rules vs evasion) |
| Real-world fit | Production-focused |
| Scoring logic | Transparent scoring per test and control class |
Benefits of RMS
- Quantitative: Provides a measurable score instead of vague security claims
- Comparative: Helps compare WAFs, bot managers, or policies
- Actionable: Tells you where your gaps are (what didn’t block)
- Business-aligned: Supports security investment decisions by showing impact