[Chugalug] Prepping a Linux server for PCI Compliance..

Christopher Rimondi chris.rimondi at gmail.com
Fri Mar 14 12:27:06 UTC 2014


If money isn't an option I would pick Nessus any day over nearly every
other vulnerability scanner. However, if you want to go the free route:
http://www.openvas.org/. Like Stephen said, give it root creds so it is
thorough.


On Thu, Mar 13, 2014 at 8:08 PM, AverageSecurityGuy <
stephen at averagesecurityguy.info> wrote:

> Do you have a link to the specific requirements of the SAQ C and D
> testing? If not, Nessus has a lot of PCI compliance checks. You will need to
> give the Nessus scanner root access to the box to be most effective. Nessus
> also has a number of built-in web application checks which will be useful.
> You can also use BurpSuite to scan the web site. Nessus has a free home
> edition which will let you test up to 10 devices. A full license will cost
> you $1500. BurpSuite is $299 unless you know someone that has a copy and is
> willing to scan the site for you. :)
>
> --
> Stephen Haywood
> Owner, ASG Consulting
> CISSP, OSCP
> 423.305.3700
> asgconsulting.co
>
>
>
> On Mar 13, 2014, at 5:06 PM, Mike Harrison <cluon at geeklabs.com> wrote:
>
> >
> > I know there are some security nutcases on the list.. so I am asking:
> >
> > I'm setting up a system to host a simple,
> > yet carefully created application and submit it for PCI Compliance (SAQ
> > C and maybe even SAQ D (service provider)) and am wondering what tools were
> > available that would simulate the scans that they will be going for..
> >
> > Or should I just load up Backtrack and such and fire away?
> >
> > Which I should do anyway.. but I am looking first to emulate what they
> > would be doing.
> >
> > Anyone out there specialize in such things (even for money)?
> >
> > --Mike--
> >
> > _______________________________________________
> > Chugalug mailing list
> > Chugalug at chugalug.org
> > http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


-- 
Chris Rimondi | http://twitter.com/crimondi | securitygrit.com