[CentOS] Recommendation for a Good Vulnerability Scanning Service?

Fri Feb 18 20:25:29 UTC 2011
Brian Mathis <brian.mathis at gmail.com>

On Fri, Feb 18, 2011 at 2:20 PM, Michael B Allen <ioplex at gmail.com> wrote:
> Hi,
>
> Can someone recommend a good vulnerability scanning service? I just
> need the minimum for PCI compliance (it's a sort of credit card
> processing certification).
>
> I got a free scan from https://www.hackerguardian.com/ and their scan
> reported a number of "Fail" results. I haven't checked them all yet
> but most seem to be things for which fixes were backported looong ago
> by The Upstream Vendor.
>
> I haven't spoken with the hackerguardian people yet but it would be
> nice if I could just say "I'm using CentOS 5.5" and have them factor
> that into their report so that I can focus on any real issues. Are
> there vulnerability scanning services that are more or less
> sophisticated about this?
>
> Thanks,
> Mike


I have used Applied Trust (http://www.appliedtrust.com/) and they are
smart about their scans.  They don't just check version numbers.  I'm
not sure if they do PCI compliance testing, so you'll have to do
further research.  They do use Nessus as part of the testing, but the
goal of testing is not for you to find the holes and patch them, it's
to have a report from someone else that says you did.
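The false positives Mike describes come from scanners that compare the banner version against the upstream fix version, which misses fixes the distribution backported into the same version string. The check below is an added example (not code from either poster, Applied Trust, or CentOS): it looks for a scanner-flagged CVE id in the package's own RPM changelog, which is where RHEL/CentOS packagers record backported security fixes. The changelog text is a constructed excerpt in the shape of `rpm -q --changelog httpd` output; the packager name, dates and release numbers in it are illustrative, and the CVE ids are real httpd 2.2 issues used only as sample input.

```shell
#!/bin/sh
# Added example, not from the original thread: confirm that a CVE a scanner
# flagged on version number alone is covered by a backported fix, using the
# RPM changelog instead of the upstream version string.
#
# Live usage on a CentOS host (assumes rpm is present):
#   rpm -q --changelog httpd | cve_fixed_in_changelog CVE-2009-3555 && echo fixed

# Return 0 if the CVE id in $1 appears in the changelog text read on stdin,
# 1 otherwise. -F treats the id as a literal string, -q suppresses output.
cve_fixed_in_changelog() {
    grep -Fq -- "$1"
}

# Check several CVE ids against one changelog. $1 is the changelog text, the
# remaining arguments are CVE ids. Prints one PASS/FAIL line per id and
# returns the number of ids that have NO changelog entry, so an exit status
# of 0 means every flagged CVE is mentioned as fixed.
check_cves() {
    changelog=$1
    shift
    missing=0
    for cve in "$@"; do
        if printf '%s\n' "$changelog" | cve_fixed_in_changelog "$cve"; then
            echo "PASS $cve: mentioned in package changelog"
        else
            echo "FAIL $cve: no changelog entry, treat the finding as open"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample in the shape of `rpm -q --changelog httpd`; names, dates
# and release numbers are illustrative, not copied from a real package.
SAMPLE_CHANGELOG='* Tue Mar 30 2010 Example Packager <packager@example.com> - 2.2.3-43
- add security fix for CVE-2009-3555 (TLS renegotiation)
- add security fix for CVE-2010-0408 (mod_proxy_ajp)

* Mon Jan 11 2010 Example Packager <packager@example.com> - 2.2.3-32
- mod_ssl: fix handling of client renegotiation
'

# Stand-alone run: the two backported fixes pass, the unfixed id fails.
check_cves "$SAMPLE_CHANGELOG" CVE-2009-3555 CVE-2010-0408 CVE-2010-1452
```

A changelog hit only tells you the packager claims the fix; for the PCI report you still need the installed release to be at or above the errata release, and the scanning vendor will usually want the changelog line quoted in a false-positive dispute rather than a bare "it's backported".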