18 Feb
2011
18 Feb
'11
9:27 p.m.
Dr. Ed Morbius wrote:
on 14:20 Fri 18 Feb, Michael B Allen (ioplex@gmail.com) wrote:
Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification).
<snip>
I'd suggest you educate yourself on the PCI compliance issue, and query your prospective vendor(s) on what specific scans they run and/or how these are tuned to specific operating environments.
I'd tend to suspect that vuln/pen testing is going to be based more on known vulnerabilities than your environment.
This is true: depending on how far you're going, the bank/agency will want human pen testing, too.
mark