Vulnerabilities We Scan For

Our PCI Scan currently searches for over 75,613 vulnerabilities.

Please view the PCI Definitions Page to help with the list below.

Version Check

  • Vulnerable Web Servers

  • Vulnerable Web Server Technologies - such as PHP 4.3.0 file disclosure and possible code execution.

Web Server Configuration Checks

  • Check for Web Server Problems - Determines whether dangerous HTTP methods (e.g. PUT, TRACE, DELETE) are enabled on the web server

  • Verify Web Server Technologies

CG-WebScan® Solution Features

Detect vulnerabilities from a current database of known existing flaws. Deep scanning capabilities detect and report alerts for the following types of vulnerabilities:

  • Cross Site Scripting (XSS)

  • SQL Injection Flaws

  • Information Leakage and Improper Error Handling

  • Broken Authentication and Session Management

  • Failure to Restrict URL Access

  • Improper Data Validation

  • Cross Site Request Forgery (CSRF)

  • Insecure Direct Object Reference

  • Insecure Cryptographic Storage

  • Insecure Communications

  • Malicious File Execution

  • Application's code content, including PHP, ASP, .NET components, and JavaScript

  • Sensitive content in HTML (transaction card data, SSNs)

  • Crawls and analyzes all website components, including Flash objects, SOAP app-to-app communication links, and AJAX routines

  • SQL injection flaws, cross-site scripting

  • Browser emulation to find and test all links

  • Deep level scans and thorough coverage

  • Low false positives/negatives ratio

  • Buffer overflows

  • Sub domain scanning

  • Input Validation (also performed automatically)

File Checks

  • Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)

  • Cross Site Scripting in URI

  • Checks for Script Errors

File Uploads

  • Unrestricted File Upload Checks

Directory Checks

  • Looks for Common Files (such as logs, traces, CVS)

  • Discover Sensitive Files/Directories

  • Discovers Directories with Weak Permissions

  • Cross Site Scripting in Path and PHPSESSID Session Fixation.

  • Web Applications

  • HTTP Verb Tampering

Text Search

  • Directory Listings

  • Source Code Disclosure

  • Check for Common Files

  • Check for Email Addresses

  • Microsoft Office Possible Sensitive Information

  • Local Path Disclosure

  • Error Messages

  • Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell, etc.)


  • Default Passwords

  • Default Account Passwords

  • Authentication attacks

Network Alerts with Port Scanner

The port scanner scans the web server and obtains a list of open ports with banners. It also performs complex network-level vulnerability checks on open ports, such as:

  • DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)

  • FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)

  • Security and configuration checks for badly configured proxy servers

  • Checks for weak SNMP community strings and weak SSL ciphers

  • And many, many more.

You've got enough to think about, so let us get things going for you! We'll increase your sales, protect your site, and increase prospective clients' trust in your business so you can finally relax and enjoy your success. Cheers to winning!
