ITarian Help


SOCaaP


Version 2.2


OWASP Top 10 Vulnerability Scans

 

  • Select a website from the drop-down at top-left and choose 'Scan' > 'Vulnerability Scan'
  • SOCaaP Web Protection scans your sites for the top-ten vulnerabilities published by the Open Web Application Security Project (OWASP)
  • The results identify any weaknesses on your site and provide guidance to fix them

You can run OWASP scans on-demand, and/or schedule weekly scans. You can also view the results of the last ten scans.


  • Open the SOCaaP Web Protection dashboard
  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'

The 'OWASP Top 10' pane contains the results of the last scan and lets you run or schedule a new scan.




The last scan area on the right shows the results of the most recent scan.


  • Scan Date - When the last OWASP vulnerability scan was run.
  • Score - The number of OWASP top-10 categories passed by your site.
  • High, Medium, Low and Information - Number of vulnerabilities found at each risk level.
  • Click the 'Refresh' icon at top-right to re-load results if you have just completed a more-recent scan.

The pane lets you:


  • Run an on-demand scan
  • Configure Scheduled Scans
  • View detailed results of the last scan
  • View the results of previous scans

Start an on-demand scan



You can manually start a vulnerability scan at any time:

  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'
  • Click 'Start Scan' in the 'OWASP Top 10 Scan' pane:




  • SOCaaP Web Protection will begin scanning the domain for OWASP top 10 vulnerabilities.
  • Scan results are shown in the 'Last Scan' box on the right
  • Click the 'Refresh' icon at top-right to reload the results of the scan
  • Alerts will be generated if any vulnerabilities are found.
  • Click 'View Full Report' for a comprehensive overview of discovered vulnerabilities.
  • See View detailed results of the last scan for more details.


Schedule a scan


You can enable automatic, weekly OWASP scans on any of your websites.


  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'
  • Use the switch in the OWASP pane to enable the weekly scan




  • Weekly scans will start the next day and will run at the same day/time every week after that
  • For example, if you enable the weekly scan at 6:00 PM on Friday, the scans will run every Saturday at 6:00 PM.


View detailed results of the last scan


  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'
  • Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane

The results page shows the number of threats in each OWASP attack category.




OWASP Top 10 Vulnerabilities - Column Descriptions

  • Rank - Severity, or criticality, of the attack category.
  • Vulnerabilities - Number of threats in this category that were found on your site.
    • Click the number to view the complete details of the threat, the list of files affected and guidance to fix the issue
    • See View Details of Identified Vulnerabilities for more details
  • Description - A short explanation of the vulnerability.


View Details of Identified Vulnerabilities


The 'OWASP Scan Results' page contains detailed information about each vulnerability, and has guidance to help you fix them.


Tip: You can also submit a request for Comodo specialists to manually remove the threats. Manual removal is only available for domains with a premium license.


View detailed vulnerability information


  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'
  • Click 'View Full Report' under 'Last Scan' in the 'OWASP Top 10' Scan pane

The number of vulnerabilities identified in each of the top ten OWASP vulnerability categories is shown as a list.


  • Click the number in a category in which vulnerabilities were found




The details dialog shows a list of specific threat types found within that category.


  • Click a threat type to view affected files. The results also show guidance to remediate the threat:



 

  • The 'Vulnerabilities' pane shows a list of affected files with their risk level
  • The 'Fix Guidance' pane summarizes the fix recommendations
  • The 'Long Description' pane contains detailed background information on the threat


View the results of previous scans


You can view the results of the 10 most recent OWASP top 10 vulnerability scans on your site. 


  • Select the target website from the menu at top-left
  • Click the 'Scan' tab then 'Vulnerability Scan'
  • Click 'View Scan History' in the 'OWASP Top 10 Scan' pane




The dates of the previous scans are shown at the top of the history window.


  • Select a date to view detailed results from the scan run on that day
See View detailed results of the last scan if you need more help with this.

Copyright 2025 Itarian