What's the difference between Standard report (OWASP) and PCI report?

There are 2 formats of web app scan reports in the Cyber Safety Monitoring module:

  • Standard (OWASP)
  • PCI

Both report formats contain the same set of scan results, but provide different context for you and your team.

The Standard (OWASP) report presents the findings from your web app vulnerability scan correlated to the OWASP Top 10 Vulnerabilities, which can help you categorize the findings and begin working on them.

The PCI report contains a section on the summary page that cross-references the web app vulnerability findings against a PCI-DSS requirements checklist. For each item in the list, we indicate whether the target was tested for that requirement and whether it passed.

Note that the Passed column indicates the current compliance status of each requirement. This means that every time you generate a new report you get the current status of your target, as long as a new scan has completed so that the finding status is updated.

 
