Home page logo

basics logo Security Basics mailing list archives

Re: Web Application Vulnerability Scanner
From: Brian Laing <brian () redseal net>
Date: Thu, 1 Nov 2007 13:01:21 -0700

There are multiple levels to this. If you look at https://www.pcisecuritystandards.org/pdfs/asv_report.html you can se a list of approved scanning vendors. Oddly enough nessus is not listed while rapid7 and qualys are. So while some of the vendors on this list use nessus the product itself does not qualify as an approved scanner. Hope this helps.


Brian Laing
Chief Security Officer
Cellphone:  +1 650.280.2389
Office:     +1 (888) 845-8169 Ext. 805
Email: brian () redseal net

Redseal Systems – http://www.redseal.net

Instant Visibility.  Threats Averted.

On Nov 1, 2007, at 11:43 AM, Jax Lion wrote:

My company is looking to invest on a web application vulnerability
scanner for PCI compliance.

I do not know what is the latest and greatest, but our auditor
informed us that Nessus would no longer cut it.

The scanner must satisfy PCI requirements, so if you have worked or
working on a PCI project - I'm open to recommendations.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]