Penetration Testing mailing list archives
RE: Pentest Letter of Achievement/Certificate
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Sat, 16 Jul 2005 11:54:08 +1000
To date under AIS (Visa AP and presumably CISP) anyone, even internally carrying out an existing program/cycle of vulnerability scans appears to have been accepted as well. Just a matter of filling in a form. No one so far has even asked for a copy of reports, except from the auditor seeking evidence that Vuln scans do occur.

Lyal

-----Original Message-----
From: Mike Klingler [mailto:mike () securitymetrics com]
Sent: Friday, 15 July 2005 12:09 PM
To: Paul Fields
Cc: pen-test () securityfocus com
Subject: Re: Pentest Letter of Achievement/Certificate

Paul Fields wrote:
Payment Card Industry data security standards specifically ask for quarterly vulnerability scans and annual pen testing. Gramm-Leach-Bliley Act also asks for periodic testing of systems. Now that they ask for it, how do you prove what you've done?
Well they do have a list of companies that can do the VA scanning that they accept. Anyone can try to get on the list to do scanning for it.
One of the reasons we use repeatable methodologies in audits is the assumption that someone else using the same knowledge, tools, and techniques could easily come up with the same results.
They evaluate the different companies scanning with a baseline set of systems that have weaknesses on them. If you do well enough for them you get accepted.

Michael Klingler