Security Hero Rotating Header Image

Vulnerability vs. Pen test

Apr 22nd, 2009
by invalid string.

Vulnerability vs. Pen test

Posted by jlay_at_slave-tothe-box.net on Apr 22

So part of PCI DSS requirements are for a quarterly vulnerability
assessment, and a yearly pentest. My question is: is Nessus considered
just a vulnerability scanning app? Thanks.

James

————————————————————————
This list is sponsored by:…

URL: http://seclists.org/pen-test/2009/Apr/0139.html

Posted in: Security.
Tagged: · ·

5 Comments

  1. "Penetration Testing (pen-test) Mailing List" says:
    April 23, 2009 at 8:10 pm

    Re: Vulnerability vs. Pen test

    Posted by Ulises2k on Apr 24

    Yes,
    Check this:
    http://blog.tenablesecurity.com/2007/07/pci-configurati.html
    http://pcianswers.com/2007/07/11/nessus-audit-files-and-uk-petitions-to-make-pci-law/

    URL: http://seclists.org/pen-test/2009/Apr/0143.html

  2. "Penetration Testing (pen-test) Mailing List" says:
    April 24, 2009 at 1:31 am

    Re: Vulnerability vs. Pen test

    Posted by Jeffrey Walton on Apr 24

    Hi James,

    You might be interested in ‘Nessus Network Auditing’ by Carey,
    Criscuolo, and Petruzzi (ISBN 978-1-59749-208-9) in addition to
    Ulises’ references.

    Jeff

    On 4/22/09, jlay_at_slave-tothe-box.net <jlay_at_slave-tothe-box.net> wrote:
    > So part of PCI DSS requirements…

    URL: http://seclists.org/pen-test/2009/Apr/0148.html

  3. "Penetration Testing (pen-test) Mailing List" says:
    April 24, 2009 at 1:13 pm

    Re: Vulnerability vs. Pen test

    Posted by R. DuFresne on Apr 24

    Yes.

    Thanks,

    Ron DuFresne

    On Wed, 22 Apr 2009, jlay_at_slave-tothe-box.net wrote:

    > So part of PCI DSS requirements are for a quarterly vulnerability
    > assessment, and a yearly pentest. My question is: is Nessus considered
    > just a vulnerability scanning app? Thanks.
    >

    URL: http://seclists.org/pen-test/2009/Apr/0161.html

  4. "Penetration Testing (pen-test) Mailing List" says:
    April 26, 2009 at 7:58 am

    Re: Vulnerability vs. Pen test

    Posted by James Lay on Apr 26

    > So part of PCI DSS requirements are for a quarterly vulnerability
    > assessment, and a yearly pentest. My question is: is Nessus considered
    > just a vulnerability scanning app? Thanks.
    >
    > James

    Thanks for all the feedback on this. Guess my next question then is what

    URL: http://seclists.org/pen-test/2009/Apr/0163.html

  5. "Penetration Testing (pen-test) Mailing List" says:
    April 26, 2009 at 9:14 pm

    Re: Vulnerability vs. Pen test

    Posted by bartlettNSF on Apr 27

    James Lay wrote:
    >> So part of PCI DSS requirements are for a quarterly vulnerability
    >> assessment, and a yearly pentest. My question is: is Nessus considered
    >> just a vulnerability scanning app? Thanks.
    >>
    >> James
    >>
    >
    >
    > Thanks…

    URL: http://seclists.org/pen-test/2009/Apr/0171.html

Leave a Reply

Powered by WP Hashcash

Anti-Spam Protection by WP-SpamFree

Bad Behavior has blocked 133 access attempts in the last 7 days.