The Hackability Score indicates how much effort an attacker would need to break into your organization. The higher the score, the more likely it is that an adversary can do harm. The value is recalculated hourly. The value shown on the chart for a previous day is the last value recorded on that day before midnight.
How is the Hackability Score calculated?
First, we categorize our findings into three security best practice areas: insufficient hardening, missing patching, and unnecessary exposure.
Then, we classify the vulnerabilities based on severity and business impact:
- Severity 4: Instantly exploitable vulnerabilities
- Severity 3: Exploit fragment that can be used to craft a successful attack
- Severity 2: Vulnerability that may reveal sensitive information to enable further attacks
- Severity 1: Best practice deviation
Afterward, we apply a proprietary formula to calculate a Hackability Score per finding type.
Finally, we calculate the absolute Hackability Score, which is the sum of the individual Hackability Scores of all findings across all assets. We then normalize this score by the number of exposed services so that organizations within the same industry can be compared. The score is normalized further by using a specific
You can expect the score to go up if you:
- Mark a workout as “To do”
- Mark an issue as “Active”
- Add an asset that has an issue of critical, high, or medium severity on it
The score can also go up if the Autobahn Fit platform:
- Marks an issue as “New” or “Resurfaced” after a scan completes
- Discovers an asset and, after import and scanning, finds an issue of critical, high, or medium severity on it
- Raises the severity classification of a specific issue based on real-time hacking insights (e.g., from low to high)
You can expect the score to go down if you:
- Mark a workout as “Done”
- Mark an issue as “Remediated”, “Risk accepted”, or “False positive”
- Add an asset that has no issues on it
The score can also go down if the Autobahn Fit platform:
- Marks an issue as “Remediated” after scanning, provided certain conditions are met (same scan type, same asset, and the asset is available/alive)
- Discovers an asset and, after import and scanning, does not find any issues on it
- Lowers the severity classification of a specific issue based on real-time hacking insights (e.g., from high to low)