Security Basics mailing list archives
Re: Web Application Vulnerability Scanner
From: Brian Laing <brian () redseal net>
Date: Thu, 1 Nov 2007 13:01:21 -0700
Jax,There are multiple levels to this. If you look at https://www.pcisecuritystandards.org/pdfs/asv_report.html you can se a list of approved scanning vendors. Oddly enough nessus is not listed while rapid7 and qualys are. So while some of the vendors on this list use nessus the product itself does not qualify as an approved scanner. Hope this helps.
Brian -------------------------------------------------------------------- Brian Laing Chief Security Officer Cellphone: +1 650.280.2389 Office: +1 (888) 845-8169 Ext. 805 Email: brian () redseal net Redseal Systems – http://www.redseal.net Instant Visibility. Threats Averted. ------------------------------------------------------------------- On Nov 1, 2007, at 11:43 AM, Jax Lion wrote:
My company is looking to invest on a web application vulnerability scanner for PCI compliance. I do not know what is the latest and greatest, but our auditor informed us that Nessus would no longer cut it. The scanner must satisfy PCI requirements, so if you have worked or working on a PCI project - I'm open to recommendations.
Current thread:
- Web Application Vulnerability Scanner Jax Lion (Nov 01)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Web Application Vulnerability Scanner AJ (Nov 02)
- Re: Web Application Vulnerability Scanner Brian Laing (Nov 01)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- RE: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- <Possible follow-ups>
- Re: Re: Web Application Vulnerability Scanner dbennett8 (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- RE: Re: Web Application Vulnerability Scanner Craig Wright (Nov 02)
- Re: Re: Web Application Vulnerability Scanner Jax Lion (Nov 02)
- Re: Web Application Vulnerability Scanner zackPeters75 (Nov 02)
- Re: Web Application Vulnerability Scanner Erin Carroll (Nov 01)