Risk
What risk means and how we calculate it.
There are several ways Halo Security helps you evaluate risk on your attack surface.
Risk is scored on a 10,000 point scale from Low (0-299) and Medium (300-599) to High (600+). These risk ratings are color coded by Green, Yellow, and Red. For more information about how risk is calculated, as well as a calculator which can show you how risk was assigned for any particular Target, please visit the Risk Methodology page.
We used colored risk indicators for certain elements like ports, ciphers, and various website related information such as cookies and headers.
As a general rule of thumb:
- (● Green): Good or common. There is likely no issue.
- (● Yellow): More rare or questionable. Should be investigated.
- (● Red): Rare and poses significant risk without mitigating controls. Should be remediated.
All issues are rated on a scale of 1-5 and contribute to the full risk score.
- Severity 5: An attacker can take full control.
- Severity 4: An attacker can access critical data.
- Severity 3: An attacker can access sensitive data.
- Severity 2: An attacker can access configuration data.
- Severity 1: An attacker can access unnecessary data.
For vulnerabilities with a known risk, we also provided the CVSS score on the issue detail page. Additionally, certain vulnerabilities are classified as PCI vulnerabilities and must be remediated or exceptions created. That detail is also included on the Issue Detail page.
Last modified 1yr ago