We use Qualys for PCI vulnerability scanning.
Josh
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael B Allen Sent: Friday, February 18, 2011 1:20 PM To: centos@centos.org Subject: [CentOS] Recommendation for a Good Vulnerability Scanning Service?
Hi,
Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification).
I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of "Fail" results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor.
I haven't spoken with the hackerguardian people yet but it would be nice if I could just say "I'm using CentOS 5.5" and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this?
Thanks, Mike _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos