I tried HackGurdian and didn't get any problems on my IP range, so I thought my sites were set up right. Later we purchased the HackGurdian service and tried to do a formal scan to pass PCI, but I got a lot of holes.
That is fine, I just need to solve them, but the scan result is very hard to understand, which makes it hard for me to pin down the problem.
For example, on my web server, I got an error like "Webcart misconfiguration http (80/tcp)", but I am using IIS, and there is no such thing as webcart.
Another one is "Weak Supported SSL Ciphers Suites https (443/tcp)". When I created certreq.txt, I used a 1024-bit length, but it doesn't work when I disable "RC2 40/128". Any idea how to solve that? Is the cert bit length related to this?
Thanks