Penetration Testing mailing list archives
RE: The goal of pentest by PCI DSS?
From: Taras <taras () securityaudit ru>
Date: Sun, 25 Oct 2009 00:08:15 +0400
Hello, all again! Sorry for late answer. I simply want to sum points of view in this discussion. 1. Card holder data (CHD) is main aim of pentest by PCI DSS. 2. Access to the key systems in card holder environment (CDE) is second aim. 3. Social engineering must be performed. From "Information Supplement: Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3 Penetration Testing": " ... Consider including all of these penetration-testing techniques (as well as others) in the methodology, such as social engineering and the exploitation of exposed vulnerabilities, access controls on key systems and files, web-facing applications, custom applications, and wireless connections. ... " Thanks all for answers! -- Taras - OSCP, OSWP ---- "Software is like sex: it's better when it's free." - Linus Torvalds
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- The goal of pentest by PCI DSS? Taras (Oct 04)
- RE: The goal of pentest by PCI DSS? Victor Langåssve (Oct 05)
- Re: The goal of pentest by PCI DSS? Mohamed Farid (Oct 05)
- RE: The goal of pentest by PCI DSS? Victor Langåssve (Oct 06)
- RE: The goal of pentest by PCI DSS? Philip Cox (Oct 05)
- Re: The goal of pentest by PCI DSS? Jerome Athias (Oct 05)
- Re: The goal of pentest by PCI DSS? David M. Zendzian (Oct 05)
- RE: The goal of pentest by PCI DSS? Gary Everekyan (Oct 05)
- RE: The goal of pentest by PCI DSS? Taras (Oct 27)