Importance of being a QSA

To: pen-test@securityfocus.com
Subject: Importance of being a QSA
From: "3 shool" <3shool@gmail.com>
Date: Tue, 28 Nov 2006 17:17:55 +0530

Hi All,

We have been doing Penetration tests for more than 4 years for our
customers, including financial and e-commerce segments. One of our
customers came up with a requirement that they would get PenTest
services ONLY from QSA (Qualified Security Assessor) by PCI, as part
of company policy.

We have been delivering fantastic results for them over the years and
they too haven't had any security breaches during this period. I have
heard about this in the mailing list last year but just wanted to know
how important it is to be a QSA for companies like us who have been
doing PenTests for a good period.

Is it just a marketing strategy or is it something more than OSSTMM or
other methodologies that we don't account for in our tests?

THNX
