Andrew Freeborn

PCI DSS helps entities understand and implement standards for security policies, technologies, and ongoing processes that protect payment systems from breaches and theft of cardholder data. Any organization that handles payment card information must adhere to the PCI DSS and must demonstrate compliance annually. The PCI Quarterly Internal Vulnerability Scanning dashboard presents extensive data about the vulnerability status of the cardholder data environment based on the available data.

Web browsers are a major piece of software in most organizations. As a result of the popularity and versatility of web browsers and their use in an organization, web browsers are a major target for attack. Analysts can use this report to identify vulnerable web browsers in an organization and the associated vulnerabilities with each web browser.

Organizations are offering more services and products with web interfaces to better enable workflows in the environment. As more web services come online, unintentional information disclosures and abilities may inadvertently be enabled. This report assists analysts by displaying HTTP headers, options, certificate lifetimes and associated vulnerabilities for risk mitigation or remediation.

Vulnerabilities are a common threat to an organization, but layers of protection help to reduce the risk from external threats. Exploitation framework tools are designed to detect and exploit software and hardware vulnerabilities in target systems.. This report assists analysts by identifying vulnerabilities exploitable by the exploit framework tools.

Organizations face the ongoing tasks of remediating vulnerabilities and mitigating risks. Not all vulnerabilities pose the same level of risk, and analysts need to accurately prioritize remediation efforts. This report helps analysts to identify the most important vulnerabilities to assist in remediation efforts.