PCI DSS

["security guy" <blokesecurity () googlemail com>]

> From what I can see there seem to be some inconsistencies between the
PCI-DSS scanning guidelines and the cost of services offered by the
ASVs. The testing process to become an ASV seems to require a certain
degree of manual testing but there are plenty of companies offering
deals such as £75 for the testing of entire host ranges. Are companies
doing a full manual test on the assessment and then just chucking a
load of automated scanners at the hosts the test commercially
afterwards? Surely there's no way any test-house can manually test
even a single hosts at that cost!