Author Topic: How long a PCI scan should take?  (Read 14096 times)

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
How long a PCI scan should take?
« on: August 22, 2011, 11:11:12 AM »
I know a scan can look for up to 24,000 vulnerabilities so it should take its time.

But any idea how long is the normal average?
I have 30 minutes waiting for the results and still not finished.

Also a progress bar would be great.

Thanks in advance for any answer.

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 731
Re: How long a PCI scan should take?
« Reply #1 on: August 22, 2011, 11:38:53 AM »
I know a scan can look for up to 24,000 vulnerabilities so it should take its time.
There's well over 40k known vulnerabilities.  :P
Quote
But any idea how long is the normal average? I have 30 minutes waiting for the results and still not finished.
There is no normal as everyone is unique. A scan can take up to 24h to complete. We do see most systems finish in the 3-6h range though.

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #2 on: August 22, 2011, 12:08:13 PM »
There's well over 40k known vulnerabilities.  :P
Then I guess this need to be changed:
http://www.comodo.com/e-commerce/site-seals/network-vulnerability-scan.php

Quote: "With these detailed vulnerability reports and access to a database of over 24,000 vulnerability plug-ins updated regularly, you can stay up-to-date every day and improve your website security."

Maybe I am misunderstanding something.



There is no normal as everyone is unique. A scan can take up to 24h to complete. We do see most systems finish in the 3-6h range though.
Ok, good to know that it could take even a complete day. Thank you! :-TU

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #3 on: August 22, 2011, 02:47:08 PM »
Ok, I used the HackerGuardian free service to test it and I have 2 questions about it:

1. If a scan is being performed, can I logout and come back later to check the status of the scan? Or it will be automatically canceled if I logout without the scan being finished?
2. The scan was showing me that it remained active for 4 1/2 half. I decided to logout and restart the scan later. When I got back, I got the report saying that it only took 2 hours. So from the 4 1/2 hours I waited, the scan finished in less time (like I said it took only 2h) but the scan bar or status never got updated when it finished, why is that? I am using CD as my browser, latest version available. Dont know if the browser its involved on this issue?

Thanks,

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 731
Re: How long a PCI scan should take?
« Reply #4 on: August 23, 2011, 12:32:28 AM »
Then I guess this need to be changed:
http://www.comodo.com/e-commerce/site-seals/network-vulnerability-scan.php

Quote: "With these detailed vulnerability reports and access to a database of over 24,000 vulnerability plug-ins updated regularly, you can stay up-to-date every day and improve your website security."

Maybe I am misunderstanding something.


Why would it need to be changed? 40k and beyond fits with 'over 24,000' since 40k > 24k, no?

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 731
Re: How long a PCI scan should take?
« Reply #5 on: August 23, 2011, 12:39:52 AM »


Quote
1. If a scan is being performed, can I logout and come back later to check the status of the scan? Or it will be automatically canceled if I logout without the scan being finished?

This is quite a common misconception. It's Software as a Service. You can click 'Start Scan' and once you do, you can log out and do other things, you need not stay logged into HG for the scans to run.

Quote
2. The scan was showing me that it remained active for 4 1/2 half. I decided to logout and restart the scan later.
So you logged out and logged back in and it still showed 'scanning'?


Quote
When I got back, I got the report saying that it only took 2 hours. So from the 4 1/2 hours I waited, the scan finished in less time (like I said it took only 2h) but the scan bar or status never got updated when it finished, why is that? I am using CD as my browser, latest version available. Dont know if the browser its involved on this issue?

The newest version of CD is not yet supported by HG since that version was only released last week and the same goes for the newest Firefox. They both should in theory work, but there may be some minor quirks.

HG should have kicked you out if you were idle for too long. Are you saying you were not idle and you kept your HG session active by browsing the account for 4.5h? Can you please explain in more detail what you were doing exactly?

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #6 on: August 23, 2011, 01:28:17 AM »
Why would it need to be changed? 40k and beyond fits with 'over 24,000' since 40k > 24k, no?

Yes, 40K its greater than 24K.
But if you look at it on the IT side... 24K < 40K.
If I see somewhere else 40K, Ill rather go and purchase that product.

If you look at it at the customer side... 40K its a lot. more than 24K/  :azn:

In both aspects above mentioned, of course 40K its greater than 24K.
But in business, numbers are very important. ;)

So its not only of matter if 40K its greater than 24K. Hope you understand. If not, nevermind.  :P

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #7 on: August 23, 2011, 01:36:26 AM »
This is quite a common misconception. It's Software as a Service. You can click 'Start Scan' and once you do, you can log out and do other things, you need not stay logged into HG for the scans to run.
Great to know that! Next time I will hit START SCAN, and logout.


The newest version of CD is not yet supported by HG since that version was only released last week and the same goes for the newest Firefox. They both should in theory work, but there may be some minor quirks.

HG should have kicked you out if you were idle for too long. Are you saying you were not idle and you kept your HG session active by browsing the account for 4.5h? Can you please explain in more detail what you were doing exactly?
I was on HG all the time. I just logged out 4.5h later after the scan started. I logged out to test if the scan would continue. Immediately I logged in back, and I found out the scan was finished. So I though at first that it stopped because I logged out. But then, after looking at the reports, I saw that it took a little bit more than 2h. So I was 2.5h more after the scan was finished, there in HG thinking that the scan was still active because the little blue bar that showes the scan is active.

That blue little bar never changed while I was sitting there for 4.5h. Thats why it gave me the wrong impression that the scan was still running when it finished 2h before.  :-\

It should have gave me results while the 2h of the scan, right? If I wouldnt have logged out, I would be sitting right now, waiting for the scan to finish. LOL  But again, I think thats something from the browser?

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 731
Re: How long a PCI scan should take?
« Reply #8 on: August 23, 2011, 04:52:12 PM »
That blue little bar never changed while I was sitting there for 4.5h. Thats why it gave me the wrong impression that the scan was still running when it finished 2h before.  :-\
At the very least it should have kicked you out for being idle. The indicator only updates on page refresh at this time. Down the line this should be available so you don't have to refresh the page as it would be handled via AJAX.

FYI: the total number of plugins at this time are a hair over 45k btw and presently being updated on the website. Do keep in mind new vulnerabilities are found every day and plugins are added on a weekly basis so the total can be quite skewed after a few weeks. :P

Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #9 on: August 23, 2011, 05:14:53 PM »
At the very least it should have kicked you out for being idle. The indicator only updates on page refresh at this time. Down the line this should be available so you don't have to refresh the page as it would be handled via AJAX.

FYI: the total number of plugins at this time are a hair over 45k btw and presently being updated on the website. Do keep in mind new vulnerabilities are found every day and plugins are added on a weekly basis so the total can be quite skewed after a few weeks. :P

Understood how it works, thanks! :-TU

Offline Sal Amander

  • Retired Comodo Staff
  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 731
Re: How long a PCI scan should take?
« Reply #10 on: August 26, 2011, 10:44:51 AM »
Plugin total updated to read 'over 45,000'. 8)


Offline w-e-v

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1467
  • BETA FORCE MEMBER
Re: How long a PCI scan should take?
« Reply #11 on: August 26, 2011, 12:29:25 PM »
Plugin total updated to read 'over 45,000'. 8)

Great! Am I going to have commissions for the sales you are going to do that for the change? haha

Good Job. I like this tool. :-TU

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek