
PCI compliance: vulnerability vs penetration testing


This topic is locked

#1 ToddAndMargo (Members, 61 posts)

Posted 03 July 2013 - 06:27 PM

Hi All,

Help!

I have a customer that is trying to jump through Trustwave's
questionnaire on PCI compliance (credit cards).  This is
their explanation of one of the required tests:  they
want both "vulnerability" and "penetration testing".  Now I don't
see the difference, but they do:

       Vulnerability scanning uses automated tools to attempt
       to discover vulnerabilities in the cardholder data
       environment.  Penetration testing goes further by
       having personnel *manually* attempt to exploit
       vulnerabilities and gaps in security the same way a
       criminal would.  Without penetration testing, you may
       know where vulnerabilities may be, but you won't know
       how deep an attacker can get or what he may be able to
       steal.

"Manually"?  How in the world does one do that?  Try to log in
with telnet?  Call the local federal prison and ask to borrow
a hacker for the day?  What can I do manually that the
"automated tools" can't?

Now I can see trying to seal the hole and retesting, but
that is not what they are asking for.  They want me
to sit down and try to break into the thing *the same
way a criminal would*!

AAAAAAAAAHHHHHHHHHHHHHHHHHHH!!!!!


What would you do in this instance?

-T


Edited by ToddAndMargo, 03 July 2013 - 06:28 PM.



#2 quietman7 (Bleepin' Janitor, Global Moderator, 51,912 posts, Location: Virginia, USA)

Posted 03 July 2013 - 07:08 PM

Since you are already receiving help here, please continue in that thread. Do not start new threads or duplicate topics as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Further, it necessitates staff spending time with housecleaning to remove those duplicate postings...time which could have been provided to others needing assistance.

Thanks for your cooperation.

This thread is closed. If you have any questions, please PM me or another Moderator.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
