Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PCI DSS Compliance

from [Roy Britten] Network Security [Permanent Link]
Subject: Re: PCI DSS Compliance
Date: Thu, 15 Dec 2005 11:28:38 +1300 
On Tue, 2005-12-13 at 11:36 -0500, Ademar Gonzalez wrote:

A shared hosting client needs to get his site PCI DSS certified.
He forwarded us the following request from the company doing the assessment.

"Your site could not be certified. Your site appears to be running
scan detection software, that has prevented a reliable port scan. This
test is inconclusive. Please add our scanner ip: ##.##.##.## to your
scan detection software exclusion list to allow our scanner to make a
complete assessment of your system."


From
http://usa.visa.com/download/business/accepting_visa/ops_risk_management/cisp_PCI_Security_Scanning_Procedures.pdf
 (or http://tinyurl.com/bm7v6):

All compliant scanning vendors are required to conduct scans in
accordance with a defined set of procedures. These procedures dictate
that the normal operation of the customer environment is not to be
impacted and that the vendor should never penetrate or alter the
customer environment

The company performing the assessment is clearly in breach of the
requirements (requiring that the customer environment be altered) -- can
your client choose another scanning vendor?

Roy.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New(?) web app sec scanner: NTOSpider, Peine,Holger
Next by Date:  RE: PCI DSS Compliance, Michael Johnson
Previous by Thread:  Re: PCI DSS Compliance, Richard Moore
Next by Thread:  RE: PCI DSS Compliance, Michael Johnson
Indexes:  [Date] [Thread] [Top] [All Lists]