Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: nessus to PCI

from [Michael Hammer] Network Security [Permanent Link]
Subject: Re: nessus to PCI
Date: Wed, 22 Jun 2005 16:46:46 -0400 
On 6/22/05, Mr Wizard <security.research.2005@gmail.com> wrote:

Unless you can get the Nessus Open Source Vulnerability Scanner
project team to certify Nessus with the Visa & MasterCard PCI program,
I would not advise using this tool for client engagements.

Mr. Wizard.



Actually, I think it is the reverse. 

Because the scans can only be completed by 3rd parties certified for
PCI compliance scans, even if you could map nessus to PCI requirements
it wouldn't necessarily be useful for any sort of client engagements.
PCI does not test the specific tool(s). It really tests the outcomes
from the use of the tool(s)

Here are a couple of links that might be useful:

https://sdp.mastercardintl.com/vendors/vendor_testing_process.shtml -
This is the process by which scan vendors are tested and qualified.
Note that there is no reference to any particular tools.

https://sdp.mastercardintl.com/vendors/vendor_list.shtml - list of
approved vendors

http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_Qualified_CISP_Assessor_List.pdf
- VISA list of approved vendors.

Mike
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Risks associated to branch office IPSec devices, Steve Goldsby (ICS)
Next by Date:  RE: nessus to PCI, cdewitt
Previous by Thread:  Re: nessus to PCI, Renaud Deraison
Next by Thread:  RE: nessus to PCI, Dan Tesch
Indexes:  [Date] [Thread] [Top] [All Lists]