Penetration Testing mailing list archives
PCI Compliance (Vulnerability Scans)
From: 09sparky () gmail com
Date: 16 Dec 2006 19:09:51 -0000
Group,

Have any of you performed simply PCI compliant Vulnerability Scans? If so, I am looking for a few things:

1. Did you use an automated Scanner (only)? If so, which one (or which one do you think is the best)?

2. What are your recommendations for performing a simple PCI compliant Scan? Is an automated tool the best solution for a simple scan? I assume it is, since I don't believe much manual time/effort should be devoted to them, as opposed to a real Vulnerability Assessment (manual verification)/Penetration Test.

3. Could someone also guide me in the right direction for finding out more about PCI compliant vulnerability scanning (i.e. websites, books, whitepapers, etc.)?

- I am wondering specifically, while doing discovery scanning, do you only focus on ports 22, 23, 25, 80 and 443 and, if found "alive", perform a full 65k+ scan on those hosts? Also, do you only perform scans on hosts that provide sensitive information, like servers? Would routers, etc. that connect these servers count as well?

Anyway, thanks a lot for any information anyone can provide.

Sparky