[Chugalug] Prepping a Linux server for PCI Compliance..

AverageSecurityGuy stephen at averagesecurityguy.info
Fri Mar 14 00:08:43 UTC 2014

Do you have a link to the specific requirements of the SAQ C and D testing? If not, Nessus has a lot of PCI compliance checks. You will need to give the Nessus scanner root access to the box to be most effective. Nessus also has a number of built-in web application checks which will be useful. You can also use BurpSuite to scan the web site. Nessus has a free home edition which will let you test up to 10 devices. A full license will cost you $1500. BurpSuite is $299 unless you know someone that has a copy and is willing to scan the site for you. :)

Stephen Haywood
Owner, ASG Consulting

On Mar 13, 2014, at 5:06 PM, Mike Harrison <cluon at geeklabs.com> wrote:

> I know there are some security nutcases on the list.. so I am asking:
> I'm setting up a system to host a simple, yet carefully created application and submit it for PCI Compliance (SAQ C and maybe even SAQ D (service provider)) and am wondering what tools were available that would simulate the scans that they will be going for..
> Or should I just load up Backtrack and such and fire away?
> Which I should do anyway.. but I am looking first to emulate what they would be doing.
> Anyone out there specialize in such things (even for money)?
> --Mike--
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
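Stephen's point about giving the scanner root access is that a credentialed scan reads the host's own configuration rather than guessing from the outside. As an added example that is not part of this thread, the shell script below runs two of the local checks such a scan would report, so they can be fixed before the real scan: insecure sshd settings, and services listening on all interfaces (read from `ss -ltn` output). The script name `pci_precheck.sh`, the sample sshd_config text and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: local pre-scan self-check for a Linux host before a
# credentialed PCI vulnerability scan. Not from the mailing-list thread;
# file names and sample data below are assumptions/constructed.

# Write a constructed sshd_config to the given path (test data only).
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's config
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
EOF
}

# Print one finding per line for sshd settings a credentialed scanner
# typically flags. Returns 0 when there are no findings, 1 otherwise.
# Usage: check_sshd_config /etc/ssh/sshd_config
check_sshd_config() {
    cfg="$1"
    findings=0
    # Direct root login over SSH.
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$cfg"; then
        echo "sshd: PermitRootLogin is yes"
        findings=$((findings + 1))
    fi
    # Password logins enabled (key-only auth is the usual expectation).
    if grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$cfg"; then
        echo "sshd: PasswordAuthentication is yes"
        findings=$((findings + 1))
    fi
    # Legacy SSH protocol 1 still offered (only old sshd versions allow it).
    if grep -Eiq '^[[:space:]]*Protocol[[:space:]]+.*1' "$cfg"; then
        echo "sshd: SSH protocol 1 enabled"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Read `ss -ltn` style lines on stdin and print the TCP ports bound to a
# wildcard address (0.0.0.0, *, :: or [::]), i.e. reachable from any
# interface. Ports bound only to loopback are skipped.
public_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":")
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
            print port
    }'
}

# Run against the live host when executed directly as pci_precheck.sh
# (skipped when the functions are sourced, e.g. by a test).
case "$0" in
    *pci_precheck.sh)
        echo "== sshd findings =="
        check_sshd_config /etc/ssh/sshd_config || true
        echo "== TCP ports listening on all interfaces =="
        ss -Hltn 2>/dev/null | public_listeners
        ;;
esac
```

Every port the second check prints is one the external scan will probe, so anything not needed by the application (database, admin consoles) should be bound to loopback or firewalled before the scan rather than explained afterwards.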

