Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Web Application Vulnerability Scanner

From: Brian Laing <brian () redseal net>
Date: Thu, 1 Nov 2007 13:01:21 -0700
Jax,
There are multiple levels to this. If you look at https://www.pcisecuritystandards.org/pdfs/asv_report.html you can se a list of approved scanning vendors. Oddly enough nessus is not listed while rapid7 and qualys are. So while some of the vendors on this list use nessus the product itself does not qualify as an approved scanner. Hope this helps. 

Brian

--------------------------------------------------------------------
Brian Laing
Chief Security Officer
Cellphone:  +1 650.280.2389
Office:     +1 (888) 845-8169 Ext. 805
Email: brian () redseal net

Redseal Systems – http://www.redseal.net

Instant Visibility.  Threats Averted.
-------------------------------------------------------------------




On Nov 1, 2007, at 11:43 AM, Jax Lion wrote:


My company is looking to invest on a web application vulnerability
scanner for PCI compliance.

I do not know what is the latest and greatest, but our auditor
informed us that Nessus would no longer cut it.

The scanner must satisfy PCI requirements, so if you have worked or
working on a PCI project - I'm open to recommendations.
Previous By Date Next
Previous By Thread Next

Current thread: