[CentOS] Recommendation for a Good Vulnerability Scanning Service?

Fri Feb 18 20:27:32 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

Dr. Ed Morbius wrote:
> on 14:20 Fri 18 Feb, Michael B Allen (ioplex at gmail.com) wrote:
>>
>> Can someone recommend a good vulnerability scanning service? I just
>> need the minimum for PCI compliance (it's a sort of credit card
>> processing certification).
<snip>
> I'd suggest you educate yourself on the PCI compliance issue, and query
> your prospective vendor(s) on what specific scans they run and/or how
> these are tuned to specific operating environments.
>
> I'd tend to suspect that vuln/pen testing is going to be based more on
> known vulnerabilities than your environment.

This is true: depending on how far you're going, the bank/agency will want
human pen testing, too.

         mark