I’m not doing e-commerce transactions, so it’s not required that I do quarterly external PCI Scan Compliance scans, as dictated by the Security Standards Council. But, for the fun of it, I ran an official scan from two Approved Scanning Vendor (ASV) PCI programs. I am evaluating the QualysGuard PCI On-Demand program for something in my professional life, and using a part of my personal life (my blog) as the test case. This is great: I get to play with a new technology, discover and fix vulnerabilities on my web site, share my experience with you, help others identify and correct these problems on their servers, and get paid for it, all at the same time. Can I get a whoot?
I was shocked at how many problems it found with my web site. In this article, I will expose the report and discuss how I fixed each item, and therefore became PCI scan compliant. Then I will give my review of the QualysGuard PCI program.
Before I remediated any of the problems QualysGuard PCI found, I signed up for Comodo’s HackerGuardian program. I wanted to see if it found the same problems, or yet a different set. I was shocked that Comodo’s HackerGuardian simply gave me a PASSED scoring. More on that later in the article.