Understanding your overall risk score
The overall risk score provides a high-level view of your application’s security posture based on the vulnerabilities identified during testing.
Beagle Security supports two scoring methodologies:
- OWASP risk rating
- CVSS (Common Vulnerability Scoring System)
The scoring methodology you select determines how vulnerabilities are evaluated, prioritized, and reflected in the overall risk score.
Where can I view my overall risk score?
The overall risk score can be viewed in the dashboard. This shows the risk score aggregated across all your applications.

You can also view the risk score for an individual application as well. After a test is completed on an application, simply navigate to the Applications tab and click on Result. The risk score of that particular application will be displayed prominently.

How is the overall risk score calculated?
The overall risk score is derived from the vulnerabilities identified during testing and the scoring methodology selected for the application.
Each vulnerability is evaluated according to the selected framework and assigned a risk level or score.
These individual assessments contribute to the application’s overall risk score, helping you understand the overall level of risk associated with the application.
Understanding OWASP Risk Rating
The OWASP Risk Rating methodology evaluates vulnerabilities using factors related to:
- Likelihood
- Technical impact
- Business impact
This approach helps organizations assess risk from both technical and business perspectives.
OWASP risk level
Score range | Risk level |
|---|---|
0.0 - 2.9 | Low |
3.0 - 5.9 | Medium |
6.9 - 8.9 | High |
9.0 - 10 | Critical |
Understanding CVSS
The Common Vulnerability Scoring System (CVSS) is an industry-standard framework used to assess the technical severity of vulnerabilities.
CVSS evaluates vulnerabilities using a defined set of scoring metrics and assigns a numerical score that reflects the technical risk associated with a finding.
CVSS risk levels
Score range | Risk level | Description |
|---|---|---|
0.0 - 2.9 | Low | Minor impact and may not require immediate attention |
3.0 - 5.9 | Medium | Moderate risk and should be addressed, though not immediately |
6.0 - 8.9 | High | Significant threat that requires prompt attention |
9.0 - 10 | Critical | Severe threat requiring immediate remediation to help prevent major security incidents |
Updated on: 02/07/2026
Thank you!