Comodo Web Inspector

• Introduction To Comodo Web Inspector
• The Administrative Interface
  • Logging-in To The Administrative Interface
  • Adding Websites For Daily Blacklist Monitoring And Malware Scanning
  • Managing Websites In Web Inspector
    • Removing A Website From Daily Blacklist Monitoring And Malware Scanning
    • Viewing Last Scanned WI Reports
    • Adding The WI Logo To Your Website
    • Validating Your Website
    • General Website Configuration
      • Disabling / Enabling A Website
      • Changing WI Notification Recipient Email Address
      • Web Inspector Scan Reports
      • False Positives
      • Scanning Options
      • Adding Trust Logo To Your Website
  • Managing Your Account
    • Web Inspector Area
    • My Account
    • Help
    • Contacts
  • PCI Scanning
    • Starting Up With Web Inspector PCI Scanning Service
      • Introduction To The Interface
      • Running Your PCI Scan
      • Viewing Executive Report, Charts And Vulnerability Reports
      • Accessing The Self Assessment Questionnaire
    • PCI Scanning Service - Infrastructure
    • PCI Scan
      • Overview
      • List Of Devices
      • How To Create A New Device
      • Devices Management
      • Start Scanning
      • Viewing A Dashboard Summary Of Scan Results
      • Viewing Executive Report, Charts And Vulnerability Reports
    • Internal Scanning
      • How To Add A New Device
      • Internal Devices Management
      • How To Install The Agent
      • Configuring The Agent
      • Using The Agent - Main Menu
        • HackerGuardian Agent
        • Network Configuration
        • Select A Device For Session Profile
        • Diagnostic Console
        • Shutdown System
      • Start Device Scanning
      • Viewing A Dashboard Summary Of Scan Results
      • View Reports And Statistics
    • Account Preferences And Scan Settings
      • My Account Area
      • Configure Email Alert And Global Alert Options
      • Custom Settings
      • PCI Settings
    • Scheduled Scans
      • Adding A New Scan Schedule
    • Web Inspector PCI Reports
      • Viewing Scan Reports
        • Filtering Options
      • Executive Report
      • Charts Page
      • Vulnerability Report
      • Mitigation Plan
      • Reporting False Positives
      • Downloading Reports Pack
      • Tracking Status Of Submitted False Positives
    • Purchasing Additional IP Packs
  • Web Inspector PCI FAQs
    • Web Inspector PCI Services - General FAQ
    • Web Inspector PCI Services - Technical FAQ
    • PCI FAQ
• About Comodo Security Solutions

Web Inspector PCI Reports

 

At the end of each PCI/Custom scan, Web Inspector PCI  produces a vulnerability report and an executive report for each IP/Domain scanned. In addition, a consolidated report for the network device scanned is also generated.

The compliance status for each device is set as Compliant or Non-Compliant based on the discovery of potential security flaws on the device/IP/Domain.

The security flaws or the vulnerabilities are rated based on their severity levels. The rating of each vulnerability is indicated by the color of title bar of the respective report.The following table shows the official PCI severity ratings.

Rating	CVSS Score	Vulnarability	Severity Level	Scan Result
Red	7.0 - 10	Security Hole	High	Fail PCI Scan
Orange	4.0 - 6.9	Security Notes	Medium	Fail PCI Scan
Blue	0 - 3.9		Low	Pass PCI Scan

                                                                                          

Based on the ratings, Web Inspector PCI categorizes the vulnerabilities as Security Holes, Security Warnings and Security Notes.

Security Holes	A vulnerability, whose severity level is more than three or 'High', is identified as a Security Hole. To pass a PCI Compliance scan, no holes are to be found during the scan. If any holes are found, the merchant or the service provider must remediate the identified problems and re-run the scan until the compliance is achieved.
Security Warnings	A vulnerability, whose severity level, is more than two or 'Medium', is indicated as a Security Warning. To pass a PCI Compliance scan, no warnings are to be found during the scan. If any warnings are found, the merchant or the service provider must remediate the identified problems and re-run the scan until the compliance is achieved.
Security Notes	A vulnerability, whose severity level, is more than one or 'Low', is indicated as a Security Note.

Each Web Inspector PCI report indicates the Security Holes, Security Warnings and Security Notes found on each device/IP/Domain and also provides solution for remediation.

The Scan Reports produced from the PCI scans can be assessed from the 'Reports' area of the Web Inspector PCI interface, displayed by clicking the 'Reports' tab from the Navigation bar. From this interface, you can:

• View the scan reports

• Submit False Positives

• Track the status of Submitted False Positives

• Download the entire reports as a zip file by clicking the 'Generate Report Pack' button.