Security Hero Rotating Header Image

Vulnerability vs. Pen test

Vulnerability vs. Pen test

Posted by jlay_at_slave-tothe-box.net on Apr 22

So part of PCI DSS requirements are for a quarterly vulnerability
assessment, and a yearly pentest. My question is: is Nessus considered
just a vulnerability scanning app? Thanks.

James

————————————————————————
This list is sponsored by:…

URL: http://seclists.org/pen-test/2009/Apr/0139.html

5 Comments

  1. "Penetration Testing (pen-test) Mailing List" says:

    Re: Vulnerability vs. Pen test

    Posted by Jeffrey Walton on Apr 24

    Hi James,

    You might be interested in ‘Nessus Network Auditing’ by Carey,
    Criscuolo, and Petruzzi (ISBN 978-1-59749-208-9) in addition to
    Ulises’ references.

    Jeff

    On 4/22/09, jlay_at_slave-tothe-box.net <jlay_at_slave-tothe-box.net> wrote:
    > So part of PCI DSS requirements…

    URL: http://seclists.org/pen-test/2009/Apr/0148.html

  2. "Penetration Testing (pen-test) Mailing List" says:

    Re: Vulnerability vs. Pen test

    Posted by R. DuFresne on Apr 24

    Yes.

    Thanks,

    Ron DuFresne

    On Wed, 22 Apr 2009, jlay_at_slave-tothe-box.net wrote:

    > So part of PCI DSS requirements are for a quarterly vulnerability
    > assessment, and a yearly pentest. My question is: is Nessus considered
    > just a vulnerability scanning app? Thanks.
    >

    URL: http://seclists.org/pen-test/2009/Apr/0161.html

  3. "Penetration Testing (pen-test) Mailing List" says:

    Re: Vulnerability vs. Pen test

    Posted by James Lay on Apr 26

    > So part of PCI DSS requirements are for a quarterly vulnerability
    > assessment, and a yearly pentest. My question is: is Nessus considered
    > just a vulnerability scanning app? Thanks.
    >
    > James

    Thanks for all the feedback on this. Guess my next question then is what

    URL: http://seclists.org/pen-test/2009/Apr/0163.html

  4. "Penetration Testing (pen-test) Mailing List" says:

    Re: Vulnerability vs. Pen test

    Posted by bartlettNSF on Apr 27

    James Lay wrote:
    >> So part of PCI DSS requirements are for a quarterly vulnerability
    >> assessment, and a yearly pentest. My question is: is Nessus considered
    >> just a vulnerability scanning app? Thanks.
    >>
    >> James
    >>
    >
    >
    > Thanks…

    URL: http://seclists.org/pen-test/2009/Apr/0171.html

Leave a Reply

Your email address will not be published. Required fields are marked *