OWASP Top 10 Vulnerability Scans
- Select a website from the drop-down at top-left and choose 'Scan' > 'Vulnerability Scan'
- cWatch scans your sites for the top-ten vulnerabilities published by the Open Web Application Security Project (OWASP)
- The results identify any weaknesses on your site and provides guidance to fix them
You can run OWASP scans on-demand, and/or schedule weekly scans. You can also view the results of the last ten scans.
- Open the cWatch dashboard
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
The 'OWASP Top 10' pane contains the results of the last scan and lets you run or schedule a new scan.
The last scan area on the right shows the results of the most recent scan.
- Scan Date - When the last WASP vulnerability scan was run.
- Score - The number of OWASP top-10 categories passed by your site.
- High, Medium, Low and Information - Number of vulnerabilities found at each risk level.
- Click the 'Refresh' icon at top-right to re-load results if you have just completed a more-recent scan.
The pane lets you:
You can manually start a vulnerability scan at anytime:
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
- Click 'Start Scan' in the 'OWASP Top 10 Scan' pane:
- cWatch will begin scanning the domain for OWASP top 10 vulnerabilities.
- Scan results are shown in the 'Last Scan' box on the right
- Click the 'Refresh' icon at top-right to reload the results of the scan
- Alerts will be generated if any vulnerabilities are found.
- Click 'View Full Report' for a comprehensive overview of discovered vulnerabilities.
- See View detailed results of the last scan for more details.
You can enable an automatic, weekly OWASP scans on any of your websites
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
- Use the switch in the OWASP pane to enable the weekly scan, as shown in the screenshot below:
- Weekly scans will start the next day and will run at the same day/time every week after that
- For example, if you enable the weekly scan at 6:00 PM on Friday, the scans will run every Saturday at 6:00 PM.
View detailed results of the last scan
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
- Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane
The results page shows the number of threats in each OWASP attack category.
OWASP Top 10 Vulnerabilities - Column Descriptions |
|
---|---|
Column Header |
Description |
Rank |
Severity, or criticality, of the attack category. |
Vulnerabilities |
Number of threats in this category that were found on your site.
|
Description |
A short explanation of the vulnerability. |
View Details of Identified Vulnerabilities
The 'OWASP Scan Results' page contains detailed information about each vulnerability, and has guidance to help you fix them.
Tip: You can also submit a request for Comodo specialists to manually remove the threats. Manual removal is only available for domains with a premium license. |
View detailed vulnerability information
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
- Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane
The numbers of vulnerabilities identified in each of the top ten OWASP vulnerability categories is shown as a list.
- Click the number in a category in which vulnerabilities were found
The details dialog shows a list of specific threat types found within that category.
- Click
a threat type to view affected files. The results also show guidance
to remediate the threat:
- The 'Vulnerabilities' pane shows a list of affected files with their risk level
- The 'Fix Guidance' pane summarizes the fix recommendations
- The 'Long Description' pane contains detailed background information on the threat
View the results of previous scans
You can view
the results of the 10 most recent OWASP top 10 vulnerability scans on
your site.
- Select the target website from the menu at top-left
- Click the 'Scan' tab then 'Vulnerability Scan'
- Click 'View Scan History' in the 'OWASP Top Scan' pane
The dates of the previous scans are shown at the top of the history window.
- Select a date to view detailed results from the scan run on that day
See View
detailed results of the last scan if you
need more help with this.