What risk means and how we calculate it.

There are several ways Halo Security helps you evaluate risk on your attack surface.

Risk Scores

Risk is scored on a 10,000-point scale, from Low (0-299) through Medium (300-599) to High (600+). These risk ratings are color-coded Green, Yellow, and Red. For more information about how risk is calculated, and for a calculator that shows how risk was assigned to any particular Target, please visit the Risk Methodology page.

Risk Indicators

We use colored risk indicators for certain elements, such as ports, ciphers, and website-related information like cookies and headers.

As a general rule of thumb:

  • Green: Good or common. There is likely no issue.

  • Yellow: More rare or questionable. Should be investigated.

  • Red: Rare and poses significant risk without mitigating controls. Should be remediated.

Issue Severity

All issues are rated on a scale of 1-5 and contribute to the full risk score.

  • Severity 5: An attacker can take full control.

  • Severity 4: An attacker can access critical data.

  • Severity 3: An attacker can access sensitive data.

  • Severity 2: An attacker can access configuration data.

  • Severity 1: An attacker can access unnecessary data.

CVSS Score & PCI Compliance

For vulnerabilities with a known risk, we also provide the CVSS score on the Issue Detail page. Additionally, certain vulnerabilities are classified as PCI vulnerabilities and must either be remediated or have exceptions created. That detail is also included on the Issue Detail page.
