What's the difference between Standard report (OWASP) and PCI report?

There are 2 formats of web app scan reports:

  • Standard (OWASP)
  • PCI

Both report formats perform the same set of checks, these options give you the ability to include additional context in the report.

Standard report (OWASP) presents findings from your web app vulnerability scan correlated to the OWASP Top 10 Vulnerabilities, which can be helpful to categorize and begin working on any findings.

PCI report contains a section in the summary page cross-referencing the web app vulnerability findings against a PCI-DSS requirements checklist. For each item in the list, we indicate if the target was tested for that requirement and if it passed or not.

Note that the column Passed indicates the current compliance status of each requirement. This means that every time you generate a new report you will get the current status of your target, as long as a new scan was completed to ensure that the finding status is updated.


Have more questions? Submit a request