PCI DSS Scanning in Netsparker

Netsparker Enterprise users can conduct Payment Card Industry (PCI) Scans to receive approved PCI compliance reports for their public websites.

PCI Scans are only available for Netsparker Enterprise On-Demand users and for websites whose Agent Mode is set to Cloud.

Running a PCI Scan in Netsparker Enterprise

When configuring a New Scan, you can enable Create PCI Scan to ensure that a PCI Scan is conducted in addition to your Netsparker Enterprise scan. This additional PCI Scan is related, but not identical, to your Enterprise Scan. Scan Options configured in Netsparker Enterprise do not affect the PCI Scan and the two scans work independently of each other.

In order to generate an approved PCI DSS Report in Netsparker Enterprise, you must first configure the scan to generate PCI DSS Scan information. You can configure Netsparker Standard to perform a PCI DSS Scan, but its report does not constitute an official report. A normal scan in Netsparker Enterprise or Netsparker Standard produces only an unofficial PCI DSS Report. If you are not allowed to start a PCI scan, please contact our Sales team so that they can change your product plan.

How to Run a PCI Scan in Netsparker Enterprise

  1. In the New Scan window, while configuring the Scan Options, click the PCI Scan tab.
  2. Enable the Create PCI Scan checkbox.
  3. Configure the remaining settings as required.
  4. Click Launch.

How to Run a PCI Group Scan in Netsparker Enterprise

  1. In the New Website Group Scan window, while configuring the Scan Options, enable the Enable PCI Scan checkbox.
  2. Configure the remaining settings as required.
  3. Click Launch.

PCI Scan Status Management in Netsparker Enterprise

Management of the PCI Scan's status is related to your Netsparker Enterprise scan:

  • If you click Pause on your ongoing Netsparker Enterprise scan, then the PCI Scan will also pause.
  • If you click Cancel on your Netsparker Enterprise scan, then the PCI scan will also cancel.

Sometimes, your Netsparker Enterprise scan might finish before your PCI Scan is completed. If this is the case, you can manage your PCI Scan state in your Scan Report detail UI. It will give you the option to Stop the PCI Scan.

Your Scan Report UI will provide you with information on whether your PCI scan is running, how far it has progressed, and what number and level of issues it has detected so far. If you stop your PCI Scan, your Scan Report UI will inform you of this, and provide you with the options to Resume or Delete this scan.

Viewing PCI Scan Results in Netsparker Enterprise

When your PCI Scan is complete, you can view the Compliance result on the Report page. If the scan has passed compliance, you can Export your scan result reports. The PCI Compliance report is available in three formats.

The PCI Scan Results Reports are:

  • Attestation Report: This is the results report. It contains the compliance result.
  • Detailed Report: This report contains detailed information about the IP addresses you've scanned and should not be shared with third parties.
  • Executive Report: This report states whether or not your environment meets the ASV scanning guidelines set by the PCI Security Standards Council.

For further information, see How to Generate a PCI DSS Compliance Report in Netsparker Enterprise.

How to View the PCI Scan Report in Netsparker Enterprise

  1. Click Scans, then Recent Scans.
  2. In the Recent Scans window, click Report for the PCI Scan you want to view. The Scan Summary is displayed.
  3. From the Scan Summary, you can view the PCI Scan results and Export a PCI Scan Report.
  4. If your scan fails compliance, fix the reported vulnerabilities first. Once you have resolved these issues, run a new scan.

Defining the PCI Scan Policy in Netsparker Standard

In Netsparker Standard, you can define the Scan Policy so that a PCI Checks test is performed. This security test only scans for vulnerabilities with PCI classifications.

You can also download a PCI Compliance Report based on PCI classifications. This report lists the vulnerabilities that have a PCI classification, along with their details.

For further information on how to download a PCI Compliance Report on Netsparker Standard, see Report Templates.

How to Define the PCI Scan Policy in Netsparker Standard

  1. Open Netsparker Standard.
  2. In the Home tab, click New. The Start a New Website or New Service Scan dialog is displayed.
  3. In the Target Website or Web Service URL field, enter the URL of the website you want to scan.
  4. In the Scan Policy dropdown, select PCI Checks.
  5. Complete the other fields as required.
  6. Click Start Scan.
