Penetration Testing mailing list archives
RE: nessus to PCI
From: <cdewitt () indepthsec com>
Date: Wed, 22 Jun 2005 15:50:07 -0500
IMHO, Firms are certified through MC/Visa, not software. Firms that are certified to perform PCI assessments use Nessus all the time. It's not about the software - it's about the analysis. cd... -----Original Message----- From: Mr Wizard [mailto:security.research.2005 () gmail com] Sent: Wednesday, June 22, 2005 12:55 PM To: pen-test () securityfocus com Subject: Re: nessus to PCI Unless you can get the Nessus Open Source Vulnerability Scanner project team to certify Nessus with the Visa & MasterCard PCI program, I would not advise using this tool for client engagements. Mr. Wizard. On 6/22/05, Vic N <vic778 () hotmail com> wrote:
Can you be more specific? Is this PCI 1.0? And are you talking about
a
specific section like section 1 or other sections?Has anyone had any luck mapping nessus results to the Payment Card
Industry
(PCI) Data Security standard?
-- I know because I must know...
Current thread:
- nessus to PCI ctodude (Jun 21)
- nessus to PCI Vic N (Jun 22)
- Re: nessus to PCI Mr Wizard (Jun 22)
- Re: nessus to PCI Renaud Deraison (Jun 22)
- Re: nessus to PCI Michael Hammer (Jun 22)
- RE: nessus to PCI Dan Tesch (Jun 22)
- Re: nessus to PCI David Rice (Jun 22)
- Re: nessus to PCI Mr Wizard (Jun 22)
- RE: nessus to PCI Vic N (Jun 23)
- <Possible follow-ups>
- RE: nessus to PCI Burnett, Robert (Jun 21)
- RE: nessus to PCI cdewitt (Jun 22)
- nessus to PCI Vic N (Jun 22)