Skip to main contentCyStack BaseCheck classifies systems into 4 security levels: A, B, C, D. This applies to web systems or publicly exposed infrastructure (Internet-facing).
🟢 Level A - High Security
The system is properly configured with no clear risks detected.
- No leaked accounts/emails
- TLS only uses strong standards (TLS 1.2+ with modern ciphers, no CBC/RSA)
- No security vulnerabilities detected
- Not listed on any blacklist
- All subdomains are well secured (HTTPS, no exposed admin panels)
- Only common and legitimate ports are open (80, 443, 22…)
- Presence of WAF or firewall detected
🟡 Level B - Good, Minor Improvements Needed
A few minor weaknesses exist but no serious impact yet.
- Fewer than 5 leaked accounts/emails
- TLS still contains weak ciphers (CBC) but supports Forward Secrecy
- Contains Low severity vulnerabilities
- A few subdomains have minor issues (e.g., expired cert, redirect issues)
- Open ports are reasonable with no suspicious services
- Signs of WAF present (e.g., headers, Cloudflare…)
🟠 Level C - Medium Risk, Potential Threats
Noticeable configuration issues that should be addressed soon.
- More than 10 leaked accounts/emails
- TLS supports CBC/RSA or uses TLS 1.0/1.1
- Contains Low/Medium vulnerabilities
- Subdomains show risk indicators (e.g., dev., admin., no authentication, exposed IP)
- Uncommon ports are open (e.g., 11308, 11310)
- No WAF or firewall detected
🔴 Level D - High Risk
The system has multiple serious weaknesses that may be exploited.
- Listed on blacklists (spam, malware, abuse…)
- TLS certificate expired or has critical issues
- Subdomains expose sensitive information: admin panels, debug interfaces
- Contains High/CRITICAL vulnerabilities
- Sensitive services exposed without protection (FTP, DB, RDP…)
- No firewall/WAF or any detectable protection mechanism
