AnsweredAssumed Answered

PCI Scans saves History or Indexes?

Question asked by Derryn Edwards on Aug 21, 2014
Latest reply on Aug 21, 2014 by WillB

We recently made some changes in one of our websites, more of like a redesign and several paths have been removed/changed, in one of the servers that has been scanned before with the old website version. What I found strange is that the PCI Scan with one of Qualys IP Address, triggered several 404 status trying to GET a folder that existed in the previous version, yet doesn't exist anymore in the new version.

 

Example:

 

Previous Version:

GET /example    referer= example.com | giving a status 200.

 

New Version:

GET /example referer= example.com | giving a status 404.

 

After seeing that it can't find /example, it starts trying to GET

 

/example.gz

/example.bak

/example.old

/example.zip

/example.tar

 

 

Question is, does the PCI scan have some sort of indexed paths, or history of a previous scan that uses in the next scan? Like, if previous scan have more paths to certain folders, would it try to look for these folders again in a new scan, or start a fresh scan with no saved paths? If it does have indexed/saved paths, is there a way to reset it?

 

Thanks,

Outcomes