“We know that there’s nothing more frustrating than failing your ASV scan.”
But did you know there are 10 reasons why you would automatically fail should the scan make any of the following findings?
- Operating system versions no longer supported by the vendor. Windows 2000, older Linux distributions. Unsupported, and therefore unpatched.
- Open access to databases from the Internet. All database connections should be safely hidden behind your firewall.
- Built-in or default accounts and passwords. If you’ve not changed the defaults, you’re in trouble.
- DNS servers that allow unrestricted DNS zone transfer. A configuration omission that leads to lots of information being leaked to an attacker.
- Unvalidated parameters that may lead to SQL injection attacks. A major cause of data loss and compromise, and very easy to prevent.
- Cross-site scripting (XSS) vulnerabilities. Another easy-to-fix issue that can be used to trick customers in to visiting fake websites and more.
- Directory traversal vulnerabilities. Another configuration or programming flaw that lets an attacker wander freely over your server.
- HTTP response splitting/header injection. A flaw enabling an attacker to hijack a user’s session or even launch other attacks such as cross site scripting.
- Remotely detectable backdoor applications installed on the servers. In this case, your system may already be compromised.
- Components that support SSL version 2.0 or older,OR that support SSL v3.0/TLS v1.0 with 128-bit encryption in conjunction with SSL v2.0.
Of course, there are many other security issues that an ASV scan could identify. However all of the above are considered automatic failures, a score which is common to all ASV companies.