Comments on: Vulnerability vs. Pen test http://sechero.com/vulnerability-vs-pen-test/ If it's about security, you heard it here first Sat, 30 May 2009 10:40:51 +0000 hourly 1 By: "Penetration Testing (pen-test) Mailing List" http://sechero.com/vulnerability-vs-pen-test/comment-page-1/#comment-252 "Penetration Testing (pen-test) Mailing List" Mon, 27 Apr 2009 04:14:30 +0000 http://sechero.com/vulnerability-vs-pen-test/#comment-252 <p></p> <p><h1><a href="http://seclists.org/pen-test/2009/Apr/0171.html">Re: Vulnerability vs. Pen test</a></h1></p> <p>Posted by bartlettNSF on Apr 27<p></p> <p> <p> James Lay wrote: <br /> >> So part of PCI DSS requirements are for a quarterly vulnerability <br /> >> assessment, and a yearly pentest. My question is: is Nessus considered <br /> >> just a vulnerability scanning app? Thanks. <br /> >> <br /> >> James <br /> >> <br /> > <br /> > <br /> > Thanks...<p>URL: <a href="http://seclists.org/pen-test/2009/Apr/0171.html">http://seclists.org/pen-test/2009/Apr/0171.html</a></p></p> <p></p> <p></p>

Re: Vulnerability vs. Pen test

Posted by bartlettNSF on Apr 27

James Lay wrote:
>> So part of PCI DSS requirements are for a quarterly vulnerability
>> assessment, and a yearly pentest. My question is: is Nessus considered
>> just a vulnerability scanning app? Thanks.
>>
>> James
>>
>
>
> Thanks…

URL: http://seclists.org/pen-test/2009/Apr/0171.html

]]> By: "Penetration Testing (pen-test) Mailing List" http://sechero.com/vulnerability-vs-pen-test/comment-page-1/#comment-249 "Penetration Testing (pen-test) Mailing List" Sun, 26 Apr 2009 14:58:54 +0000 http://sechero.com/vulnerability-vs-pen-test/#comment-249 <p></p> <p><h1><a href="http://seclists.org/pen-test/2009/Apr/0163.html">Re: Vulnerability vs. Pen test</a></h1></p> <p>Posted by James Lay on Apr 26<p></p> <p> <p> > So part of PCI DSS requirements are for a quarterly vulnerability <br /> > assessment, and a yearly pentest. My question is: is Nessus considered <br /> > just a vulnerability scanning app? Thanks. <br /> > <br /> > James <br /> <p><p>Thanks for all the feedback on this. Guess my next question then is what <br />...<p>URL: <a href="http://seclists.org/pen-test/2009/Apr/0163.html">http://seclists.org/pen-test/2009/Apr/0163.html</a></p></p> <p></p> <p></p>

Re: Vulnerability vs. Pen test

Posted by James Lay on Apr 26

> So part of PCI DSS requirements are for a quarterly vulnerability
> assessment, and a yearly pentest. My question is: is Nessus considered
> just a vulnerability scanning app? Thanks.
>
> James

Thanks for all the feedback on this. Guess my next question then is what

URL: http://seclists.org/pen-test/2009/Apr/0163.html

]]> By: "Penetration Testing (pen-test) Mailing List" http://sechero.com/vulnerability-vs-pen-test/comment-page-1/#comment-246 "Penetration Testing (pen-test) Mailing List" Fri, 24 Apr 2009 20:13:01 +0000 http://sechero.com/vulnerability-vs-pen-test/#comment-246 <p></p> <p><h1><a href="http://seclists.org/pen-test/2009/Apr/0161.html">Re: Vulnerability vs. Pen test</a></h1></p> <p>Posted by R. DuFresne on Apr 24<p></p> <p> <p> <p><p><p>Yes. <br /> <p>Thanks, <br /> <p>Ron DuFresne <br /> <p>On Wed, 22 Apr 2009, jlay_at_slave-tothe-box.net wrote: <br /> <p>> So part of PCI DSS requirements are for a quarterly vulnerability <br /> > assessment, and a yearly pentest. My question is: is Nessus considered <br /> > just a vulnerability scanning app? Thanks. <br /> > <br /> ...<p>URL: <a href="http://seclists.org/pen-test/2009/Apr/0161.html">http://seclists.org/pen-test/2009/Apr/0161.html</a></p></p> <p></p> <p></p>

Re: Vulnerability vs. Pen test

Posted by R. DuFresne on Apr 24

Yes.

Thanks,

Ron DuFresne

On Wed, 22 Apr 2009, jlay_at_slave-tothe-box.net wrote:

> So part of PCI DSS requirements are for a quarterly vulnerability
> assessment, and a yearly pentest. My question is: is Nessus considered
> just a vulnerability scanning app? Thanks.
>

URL: http://seclists.org/pen-test/2009/Apr/0161.html

]]> By: "Penetration Testing (pen-test) Mailing List" http://sechero.com/vulnerability-vs-pen-test/comment-page-1/#comment-236 "Penetration Testing (pen-test) Mailing List" Fri, 24 Apr 2009 08:31:41 +0000 http://sechero.com/vulnerability-vs-pen-test/#comment-236 <p></p> <p><h1><a href="http://seclists.org/pen-test/2009/Apr/0148.html">Re: Vulnerability vs. Pen test</a></h1></p> <p>Posted by Jeffrey Walton on Apr 24<p></p> <p> <p> Hi James, <br /> <p>You might be interested in 'Nessus Network Auditing' by Carey, <br /> Criscuolo, and Petruzzi (ISBN 978-1-59749-208-9) in addition to <br /> Ulises' references. <br /> <p>Jeff <br /> <p>On 4/22/09, jlay_at_slave-tothe-box.net <jlay_at_slave-tothe-box.net> wrote: <br /> > So part of PCI DSS requirements...<p>URL: <a href="http://seclists.org/pen-test/2009/Apr/0148.html">http://seclists.org/pen-test/2009/Apr/0148.html</a></p></p> <p></p> <p></p>

Re: Vulnerability vs. Pen test

Posted by Jeffrey Walton on Apr 24

Hi James,

You might be interested in ‘Nessus Network Auditing’ by Carey,
Criscuolo, and Petruzzi (ISBN 978-1-59749-208-9) in addition to
Ulises’ references.

Jeff

On 4/22/09, jlay_at_slave-tothe-box.net <jlay_at_slave-tothe-box.net> wrote:
> So part of PCI DSS requirements…

URL: http://seclists.org/pen-test/2009/Apr/0148.html

]]> By: "Penetration Testing (pen-test) Mailing List" http://sechero.com/vulnerability-vs-pen-test/comment-page-1/#comment-230 "Penetration Testing (pen-test) Mailing List" Fri, 24 Apr 2009 03:10:54 +0000 http://sechero.com/vulnerability-vs-pen-test/#comment-230 <p></p> <p><h1><a href="http://seclists.org/pen-test/2009/Apr/0143.html">Re: Vulnerability vs. Pen test</a></h1></p> <p>Posted by Ulises2k on Apr 24<p></p> <p> <p> Yes, <br /> Check this: <br /> http://blog.tenablesecurity.com/2007/07/pci-configurati.html <br /> http://pcianswers.com/2007/07/11/nessus-audit-files-and-uk-petitions-to-make-pci-law/ <br /> <p><p>URL: <a href="http://seclists.org/pen-test/2009/Apr/0143.html">http://seclists.org/pen-test/2009/Apr/0143.html</a></p></p> <p></p> <p></p>

Re: Vulnerability vs. Pen test

Posted by Ulises2k on Apr 24

Yes,
Check this:
http://blog.tenablesecurity.com/2007/07/pci-configurati.html
http://pcianswers.com/2007/07/11/nessus-audit-files-and-uk-petitions-to-make-pci-law/

URL: http://seclists.org/pen-test/2009/Apr/0143.html

]]>