Exposure Score Levels
Each completed pentest is assigned an exposure level based on the type of test (Internal vs External) and on the weaknesses and impacts found during the test. The following tables define each exposure level:
Internal Pentests

| Exposure Score | Reasons for this score |
| --- | --- |
| Critical | Any of the discovered impacts fall into one of these categories: Domain Compromise, AWS Account Compromise, AWS User Compromise, Azure AD User Compromise, Business Email Compromise OR 20% of the discovered hosts have a host compromise impact. |
| High | One or more impacts OR at least one critical weakness discovered. |
| Medium | No impacts discovered AND one or more high weaknesses discovered. |
| Low | No impacts discovered AND one or more medium or low weaknesses discovered. |
| None | No weaknesses or impacts discovered. |

External Pentests

| Exposure Score | Reasons for this score |
| --- | --- |
| Critical | Any impact EXCEPT Sensitive Data Exposure or Brand Compromise. |
| High | One or more impacts discovered OR at least one weakness discovered with context score >= 5.0. |
| Medium | No impacts discovered AND at least one weakness discovered with context score between 3.0 and 5.0. |
| Low | No impacts discovered AND at least one weakness with context score <= 3.0. |
| None | No weaknesses or impacts discovered. |
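
Both tables read as ordered rules where the first matching row, from Critical down, decides the level. The sketch below is an added example, not the vendor's code, for recomputing a level from exported findings. Assumptions: the function and parameter names are hypothetical, "20%" means at least 20%, severities arrive as text labels, and the overlapping boundaries resolve top-down (5.0 is High, 3.0 is Medium).

```python
# Added example (not vendor code): the two tables as first-match-wins rules.
INTERNAL_CRITICAL = {
    "Domain Compromise", "AWS Account Compromise", "AWS User Compromise",
    "Azure AD User Compromise", "Business Email Compromise",
}
EXTERNAL_NON_CRITICAL = {"Sensitive Data Exposure", "Brand Compromise"}
SEVERITIES = {"critical", "high", "medium", "low"}


def internal_exposure(impacts, severities, compromised_hosts=0, discovered_hosts=0):
    """impacts: impact category names; severities: one label per weakness."""
    sev = {s.lower() for s in severities}
    if sev - SEVERITIES:
        raise ValueError(f"unknown severity: {sorted(sev - SEVERITIES)}")
    # Assumption: "20% of the discovered hosts" means at least 20%.
    ratio = compromised_hosts / discovered_hosts if discovered_hosts else 0.0
    if INTERNAL_CRITICAL & set(impacts) or ratio >= 0.20:
        return "Critical"
    # A compromised host below the 20% bar is still an impact.
    if impacts or compromised_hosts or "critical" in sev:
        return "High"
    if "high" in sev:
        return "Medium"
    if sev:
        return "Low"
    return "None"


def external_exposure(impacts, context_scores):
    """impacts: impact category names; context_scores: one float per weakness."""
    if set(impacts) - EXTERNAL_NON_CRITICAL:
        return "Critical"
    top = max(context_scores, default=None)
    if impacts or (top is not None and top >= 5.0):
        return "High"
    if top is None:
        return "None"
    # Assumption: rows are checked top-down, so 5.0 is High and 3.0 is Medium.
    return "Medium" if top >= 3.0 else "Low"


if __name__ == "__main__":
    # Constructed sample results.
    print(internal_exposure([], ["high", "low"], 3, 40))   # High (3 of 40 hosts)
    print(external_exposure(["Brand Compromise"], [6.1]))  # High
    print(external_exposure([], [3.0, 1.2]))                # Medium
```

Because only the highest context score matters for an external test, one weakness at or above 5.0 outweighs any number of lower-scored ones.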