In the UK, Streamline, now part of Worldpay, are pushing hard for PCI DSS compliance. They've teamed up with TrustWave and we've been encouraged to use their TrustKeeper IP Scanning system for vulnerabilities.
The only item my site is failing on is XSS, despite the magnificent presence of Security Pro 2!!
URL: ....../product_info.php?products_id=%3Cscript%3Ealert%28TK00000004%29%3C%2Fscript%3E
Body matches:
Vulnerability type: Reflected Cross-Site Scripting
Vulnerable input type: URL Query Parameter
Vulnerable input name: products_id
This may be a very dubious failure, but many of us will have to deal with it.
Any thoughts?
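
One way to triage the finding quoted above, as an added example that is not part of the original post or of the scanner's own tooling: it decodes the products_id probe from the reported URL and checks whether a response body reflects it raw, HTML-encoded, altered, or not at all. The host shop.example and the sample response bodies are constructed placeholders.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# URL from the scan report; the host is a placeholder because the post elides it.
SCAN_URL = ("https://shop.example/product_info.php"
            "?products_id=%3Cscript%3Ealert%28TK00000004%29%3C%2Fscript%3E")

# Constructed response bodies, one per outcome.
SAMPLES = {
    "raw": '<input name="products_id" value="<script>alert(TK00000004)</script>">',
    "encoded": '<a href="?products_id=&lt;script&gt;alert(TK00000004)&lt;/script&gt;">',
    "altered": "<p>No product scriptalert(TK00000004)/script</p>",
    "absent": "<p>Product not found!</p>",
}

def probe_value(url, param="products_id"):
    """Return the URL-decoded value the scanner sent in `param`."""
    values = parse_qs(urlsplit(url).query).get(param)
    if not values:
        raise ValueError(f"{param} not present in {url!r}")
    return values[0]

def classify_reflection(url, body, param="products_id"):
    """Say how the probe shows up in `body`.

    raw     : markup reflected unencoded, the finding is genuine
    encoded : only the HTML-escaped form appears, rendered as inert text
    altered : the marker survives but the markup was changed, review by hand
    absent  : nothing of the probe reaches the page
    """
    probe = probe_value(url, param)
    if probe in body:
        return "raw"
    if html.escape(probe) in body:
        return "encoded"
    # Longest alphanumeric run in the probe is the scanner's marker token.
    marker = max(re.findall(r"[A-Za-z0-9]+", probe), key=len)
    return "altered" if marker in body else "absent"

if __name__ == "__main__":
    for expected, body in SAMPLES.items():
        print(f"{expected:8} -> {classify_reflection(SCAN_URL, body)}")
```

Only a "raw" result confirms the reflected XSS as reported; an "altered" result means the output was filtered rather than encoded and still needs a manual look at the surrounding HTML context.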