Dr. Ed Morbius wrote: > on 14:20 Fri 18 Feb, Michael B Allen (ioplex at gmail.com) wrote: >> >> Can someone recommend a good vulnerability scanning service? I just >> need the minimum for PCI compliance (it's a sort of credit card >> processing certification). <snip> > I'd suggest you educate yourself on the PCI compliance issue, and query > your prospective vendor(s) on what specific scans they run and/or how > these are tuned to specific operating environments. > > I'd tend to suspect that vuln/pen testing is going to be based more on > known vulnerabilities than your environment. This is true: depending on how far you're going, the bank/agency will want human pen testing, too. mark