Group,
Have any of you performed simply PCI compliant Vulnerability Scans? if so, I am
looking for a few things:
1. Did you use an automated Scanner (only)? If so, which one (or which one do
you think is the best)?
2. What are your recommendations for performing a simple PCI compliant Scan?
Is an automated tool the best solution for a simple scan? I assume it is, since
I don't believe much manual time/effort should be devoted to them, as opposed
to a real Vulnerability Assessment (manual verification)/Penetration Test.
3. Could someone also guide me in the right direction for finding out more
about PCI compliment vulnerability scanning (i.e. websites, books, whitepapers,
etc)?
- I am wondering specifically while doing discovery scanning do you only focus
on ports 22,23,25,80 and 443 and if found "alive" perform a full 65k+ scan on
those hosts. Also, do you only perform scans on hosts that provide sensitive
information like servers? Would routers, etc that connect these servers count
as well?
Anyway, Thanks allot for any information anyone can provide.
Sparky
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|