[Chugalug] Prepping a Linux server for PCI Compliance..
stephen at averagesecurityguy.info
Fri Mar 14 00:08:43 UTC 2014
Do you have a link to the specific requirements of the SAQ C and D testing? If not, Nessus has a lot of PCI compliance checks. You will need to give the Nessus scanner root access to the box to be most effective. Nessus also has a number of built-in web application checks which will be useful. You can also use BurpSuite to scan the web site. Nessus has a free home edition which will let you test up to 10 devices. A full license will cost you $1500. BurpSuite is $299 unless you know someone that has a copy and is willing to scan the site for you. :)
Owner, ASG Consulting
On Mar 13, 2014, at 5:06 PM, Mike Harrison <cluon at geeklabs.com> wrote:
> I know there are some security nutcases on the list.. so I am asking:
> I'm setting up a system to host a simple, yet carefully created application and submit it for PCI Compliance (SAQ C and maybe even SAQ D (service provider)) and am wondering what tools were available that would simulate the scans that they will be going for..
> Or should I just load up Backtrack and such and fire away?
> Which I should do anyway.. but I am looking first to emulate what they would be doing.
> Anyone out there specialize in such things (even for money)?