PCI Scanning in Netsparker Enterprise

Netsparker Enterprise users can conduct Payment Card Industry (PCI) Scans to receive approved PCI compliance reports for their public websites.

PCI Scans are only available for Netsparker Enterprise On-Demand users and for websites whose Agent Mode is set to Cloud.

Running a PCI Scan

When configuring a New Scan, you can enable Create PCI Scan to ensure that a PCI Scan is conducted in addition to your Netsparker Enterprise scan. This additional PCI Scan is related, but not identical, to your Enterprise Scan. Scan Options configured in Netsparker Enterprise do not affect the PCI Scan and the two scans work independently of each other.

How to Run a PCI Scan

  1. In the New Scan window, while configuring the Scan Options, click the PCI Scan tab.
  2. Enable the Create PCI Scan checkbox.
  3. Configure the remaining settings as required.
  4. Click Launch.

How to Run a PCI Group Scan

  1. In the New Website Group Scan window, while configuring the Scan Options, enable the Enable PCI Scan checkbox.
  2. Configure the remaining settings as required.
  3. Click Launch.

PCI Scan Status Management

Management of the PCI Scan's status is related to your Netsparker Enterprise scan:

  • If you click Pause on your ongoing Netsparker Enterprise scan, then the PCI Scan will also pause.
  • If you click Cancel on your Netsparker Enterprise scan, then the PCI scan will also cancel.

Sometimes, your Netsparker Enterprise scan might finish before your PCI Scan is completed. If this is the case, you can manage your PCI Scan state in your Scan Report detail UI. It will give you the option to Stop the PCI Scan.

Your Scan Report UI will provide you with information on whether your PCI scan is running, how far it has progressed, and what number and level of issues it has detected so far. If you stop your PCI Scan, your Scan Report UI will inform you of this, and provide you with the options to Resume or Delete this scan.

Viewing PCI Scan Results

When your PCI Scan is complete, you will be able to view the Compliance result in the Report page. If your Compliance has passed, then you will be able to Export your scan result reports. This PCI Compliance report can come in three formats.

This table lists and explains PCI Scan Results Reports.

| PCI Scan Results Report | Description |
| --- | --- |
| Attestation Report | This is the results report. It contains the compliance result. |
| Detailed Report | This report contains detailed information about the IP addresses you've scanned and should not be shared with third parties. |
| Executive Report | This report defines whether or not your environment meets the ASV scanning guidelines set by the PCI security council. |

How to View the PCI Scan Report

  1. Click Scans, then Recent Scans.
  2. In the Recent Scans window, click Report for the PCI Scan you want to view. The Executive Summary is displayed.
  3. From the Executive Summary, you can view PCI Scan results and Export a PCI Scan Report.

  4. If your scan fails, you must fix your vulnerabilities first. Once you have resolved these issues, run a new scan.
