Home page logo

basics logo Security Basics mailing list archives

Re: Web Application Vulnerability Scanner
From: Erin Carroll <amoeba () amoebazone com>
Date: Thu, 1 Nov 2007 20:08:04 +0000 (UTC)


There are multiple commercial solutions available which would satisfy your PCI requirements; WebInspect, Qualys, WatchGuard to name a few of the Best of Breed. However, the best choice really depends on your internal security expertise and ability to translate tool results output to PCI compliant-ese or the tool's built-in reporting capabilities.

My personal recommendation would be WebInspect on the strength of the tool from a purely security focus but if you are looking for plug n play solution which outputs results in PCI format to run past your auditors your best bet may be Qualys.

Hope that helps some. If you have more questions please feel free to ping me off-list.

Erin Carroll
Moderator, SecurityFocus pen-test mailing list

On Thu, 1 Nov 2007, Jax Lion wrote:

My company is looking to invest on a web application vulnerability
scanner for PCI compliance.

I do not know what is the latest and greatest, but our auditor
informed us that Nessus would no longer cut it.

The scanner must satisfy PCI requirements, so if you have worked or
working on a PCI project - I'm open to recommendations.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]