Penetration Testing mailing list archives
RE: nessus to PCI
From: "Burnett, Robert" <burnettr () Fortrex com>
Date: Tue, 21 Jun 2005 14:24:13 -0400
Yes. For the most part, it hasn't been too difficult. Occasionally, the PCI risk categories can be a little frustrating because there is some room for interpretation, or there may be a vuln that doesn't seem to fit exactly into one of the following categories: Urgent - Trojan Horses, file read and writes exploit, remote command execution Critical - Potential Trojan Horses, file read exploit High - Limited exploit of read, directory browsing and denial of service (DoS) The "Limited exploit of read" phrase is one that can sometimes make it difficult for me to classify a vuln, but as I said before, it's only occasionally that I have issues. Is there a particular finding that you are having difficulty with, or were you just posing a general question? -Robert -----Original Message----- From: ctodude () yahoo com [mailto:ctodude () yahoo com] Sent: Tuesday, June 21, 2005 11:37 AM To: pen-test () securityfocus com Subject: nessus to PCI Has anyone had any luck mapping nessus results to the Payment Card Industry (PCI) Data Security standard? ----------------------------------------------------------------- Confidentiality Notice The content of this communication, along with any attachments, is covered by federal and state law governing electronic communications and may contain confidential and legally privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, use or copying of the information contained herein is strictly prohibited. If you have received this communication in error, please immediately contact us by telephone at (301) 977-6966 or e-mail info () fortrex com. Thank you.
Current thread:
- nessus to PCI ctodude (Jun 21)
- nessus to PCI Vic N (Jun 22)
- Re: nessus to PCI Mr Wizard (Jun 22)
- Re: nessus to PCI Renaud Deraison (Jun 22)
- Re: nessus to PCI Michael Hammer (Jun 22)
- RE: nessus to PCI Dan Tesch (Jun 22)
- Re: nessus to PCI David Rice (Jun 22)
- Re: nessus to PCI Mr Wizard (Jun 22)
- RE: nessus to PCI Vic N (Jun 23)
- <Possible follow-ups>
- RE: nessus to PCI Burnett, Robert (Jun 21)
- RE: nessus to PCI cdewitt (Jun 22)
- nessus to PCI Vic N (Jun 22)