
OWASP Top 10 Vulnerability Scans

 

      • Select a website from the drop-down at top-left and choose 'Scan' > 'Vulnerability Scan'
      • cWatch scans your sites for the top-ten vulnerabilities published by the Open Web Application Security Project (OWASP)
      • The results identify any weaknesses on your site and provide guidance to fix them

      You can run OWASP scans on-demand, and/or schedule weekly scans. You can also view the results of the last ten scans.

      • Open the cWatch dashboard
      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'

      The 'OWASP Top 10' pane contains the results of the last scan and lets you run or schedule a new scan.




      The last scan area on the right shows the results of the most recent scan.

      • Scan Date - When the last OWASP vulnerability scan was run.
      • Score - The number of OWASP top-10 categories passed by your site.
      • High, Medium, Low and Information - Number of vulnerabilities found at each risk level.
      • Click the 'Refresh' icon at top-right to re-load results if you have just completed a more-recent scan.

      The pane lets you:

      Start an on-demand scan


      You can manually start a vulnerability scan at any time:

      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'
      • Click 'Start Scan' in the 'OWASP Top 10 Scan' pane:




      • cWatch will begin scanning the domain for OWASP top 10 vulnerabilities.
      • Scan results are shown in the 'Last Scan' box on the right
      • Click the 'Refresh' icon at top-right to reload the results of the scan
      • Alerts will be generated if any vulnerabilities are found.
      • Click 'View Full Report' for a comprehensive overview of discovered vulnerabilities.


      Schedule a scan


      You can enable automatic weekly OWASP scans on any of your websites:

      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'
      • Use the switch in the OWASP pane to enable the weekly scan




      • Weekly scans will start the next day and will run at the same day/time every week after that
      • For example, if you enable the weekly scan at 6:00 PM on Friday, the scans will run every Saturday at 6:00 PM.


      View detailed results of the last scan

      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'
      • Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane

      The results page shows the number of threats in each OWASP attack category.




      OWASP Top 10 Vulnerabilities - Column Descriptions

      • Rank - Severity, or criticality, of the attack category.
      • Vulnerabilities - Number of threats in this category that were found on your site. Click the number to view the complete details of the threat, list of files affected and guidance to fix the issue.
      • Description - A short explanation of the vulnerability.


      View Details of Identified Vulnerabilities


      The 'OWASP Scan Results' page contains detailed information about each vulnerability, and has guidance to help you fix them.


      Tip: You can also submit a request for Comodo specialists to manually remove the threats. Manual removal is only available for domains with a premium license.


      View detailed vulnerability information

      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'
      • Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane

      The number of vulnerabilities identified in each of the top ten OWASP vulnerability categories is shown as a list.

      • Click the number in a category in which vulnerabilities were found




      The details dialog shows a list of specific threat types found within that category.

      • Click a threat type to view affected files. The results also show guidance to remediate the threat:



       

      • The 'Vulnerabilities' pane shows a list of affected files with their risk level
      • The 'Fix Guidance' pane summarizes the fix recommendations
      • The 'Long Description' pane contains detailed background information on the threat


      View the results of previous scans


      You can view the results of the 10 most recent OWASP top 10 vulnerability scans on your site. 

      • Select the target website from the menu at top-left
      • Click the 'Scan' tab then 'Vulnerability Scan'
      • Click 'View Scan History' in the 'OWASP Top Scan' pane




      The dates of the previous scans are shown at the top of the history window.

      • Select a date to view detailed results from the scan run on that day

      See View detailed results of the last scan if you need more help with this.