Re: Recommendation for a Good Vulnerability Scanning Service?




On Fri, Feb 18, 2011 at 2:20 PM, Michael B Allen <ioplex@xxxxxxxxx> wrote:
> Hi,
>
> Can someone recommend a good vulnerability scanning service? I just
> need the minimum for PCI compliance (it's a sort of credit card
> processing certification).
>
> I got a free scan from https://www.hackerguardian.com/ and their scan
> reported a number of "Fail" results. I haven't checked them all yet
> but most seem to be things for which fixes were backported looong ago
> by The Upstream Vendor.
>
> I haven't spoken with the hackerguardian people yet but it would be
> nice if I could just say "I'm using CentOS 5.5" and have them factor
> that into their report so that I can focus on any real issues. Are
> there vulnerability scanning services that are more or less
> sophisticated about this?
>
> Thanks,
> Mike


I have used Applied Trust (http://www.appliedtrust.com/) and they are
smart about their scans.  They don't just check version numbers.  I'm
not sure if they do PCI compliance testing, so you'll have to do
further research.  They do use Nessus as part of the testing, but the
goal of testing is not for you to find the holes and patch them; it's
to have a report from someone else that says you did.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

