The nutshell is that there is not any particular NVT to use for PCI in
OpenVAS, but you should be using anything that can apply to your
environment.

What we do at my company is throw the kitchen sink (meaning run all checks)
at our in-scope environment and then work from there weeding out false
positives or anything that does not apply.

Once you have a set of NVTs to run, you can see if you would pass or fail.
Any verified vulnerability with a CVSS score of 4 or a "medium" (this is
aligned with the NVD scale) is an automatic PCI fail.  It is important to
scope your scans properly so you can correctly prioritize what to fix.

Common/Required PCI checks include:

- XSS
- Weak ciphers
- Default logins
- Devices with no logins
- SQL Injection
- Missing critical security patches (a la OpenSSL)

Some more extra reading:

https://community.qualys.com/thread/1530




> Hi Rene,
>
> check if this page(s) can be useful:
> http://www.greenbone.net/learningcenter/pci_dss.html
>
> Best regards,
> Fabrizio
>
> On Sun, Aug 10, 2014 at 3:43 PM, Rene Behring <[email protected]>
> wrote:
>> Hey,
>>
>> are there NVTs to check pci compliance? (IT-Grundschutz?)
>>
>> Thanks,
>> Rene
>> _______________________________________________
>> Openvas-discuss mailing list
>> [email protected]
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
> --
> "The intuitive mind is a sacred gift and the rational mind is a
> faithful servant. We have created a society that honors the servant
> and has forgotten the gift." (A. Einstein)
>
> Fabrizio Di Carlo


------------------------------
Geoff Galitz
http://www.galitz.org
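
An added example, not part of the original message or of OpenVAS itself: the triage described above (run everything, drop out-of-scope hosts and confirmed false positives, then apply the CVSS cut-off) as a small Python script. The report is a constructed, simplified XML sample; its element names, the `oid` values, the host addresses and the reading of "4" as "4.0 or higher" are assumptions.

```python
import xml.etree.ElementTree as ET

PCI_FAIL_CVSS = 4.0  # threshold from the message, read here as "4.0 or higher"

# Constructed, simplified report; element names and oid values are assumptions.
SAMPLE_REPORT = """<report><results>
<result><host>10.0.0.5</host><port>443/tcp</port>
  <nvt oid="example.1"><name>Weak ciphers</name><cvss_base>4.3</cvss_base></nvt></result>
<result><host>10.0.0.5</host><port>80/tcp</port>
  <nvt oid="example.2"><name>XSS</name><cvss_base>4.3</cvss_base></nvt></result>
<result><host>10.0.0.6</host><port>22/tcp</port>
  <nvt oid="example.3"><name>Service banner</name><cvss_base>2.6</cvss_base></nvt></result>
<result><host>10.0.0.6</host><port>general/tcp</port>
  <nvt oid="example.4"><name>Scan log</name><cvss_base></cvss_base></nvt></result>
<result><host>10.0.0.9</host><port>23/tcp</port>
  <nvt oid="example.5"><name>Default login</name><cvss_base>10.0</cvss_base></nvt></result>
</results></report>"""

IN_SCOPE = {"10.0.0.5", "10.0.0.6"}            # hosts in scope for the assessment
FALSE_POSITIVES = {("10.0.0.5", "example.2")}  # (host, oid) ruled out by manual review


def pci_failures(report_xml, in_scope, false_positives, threshold=PCI_FAIL_CVSS):
    """Map each in-scope host to its failing findings; an empty list means pass."""
    failing = {host: [] for host in in_scope}
    for res in ET.fromstring(report_xml).iter("result"):
        host = res.findtext("host", "").strip()
        nvt = res.find("nvt")
        if host not in in_scope or nvt is None:
            continue  # out of scope: not part of the verdict
        if (host, nvt.get("oid")) in false_positives:
            continue  # weeded out during triage
        try:
            cvss = float(nvt.findtext("cvss_base", ""))
        except ValueError:
            continue  # no score to compare (log-only result)
        if cvss >= threshold:
            failing[host].append((cvss, res.findtext("port", ""), nvt.findtext("name", "")))
    # Highest score first, so the fix list is already prioritised.
    return {host: sorted(items, reverse=True) for host, items in failing.items()}


if __name__ == "__main__":
    verdict = pci_failures(SAMPLE_REPORT, IN_SCOPE, FALSE_POSITIVES)
    for host, items in sorted(verdict.items()):
        print(host, "FAIL" if items else "PASS", items)
```

Keeping the false-positive list keyed by host and NVT, rather than by NVT alone, means a finding dismissed on one host still fails another host where it has not been reviewed.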
