Okay, thanks, that helps. I have read the link from greenbone before and thought that the PCI Compliance is the Scan itself. And funny that you posted the link from qualys because I am comparing qualys and openvas for my bachelor thesis.
Thanks,
Rene

On 12.08.2014 at 16:09, Geoff Galitz <[email protected]> wrote:

> The nutshell is that there is not any particular NVT to use for PCI in
> Openvas, but you should be using anything that can apply to your
> environment.
>
> What we do at my company is throw the kitchen sink (meaning run all checks)
> at our in-scope environment and then work from there weeding out false
> positives or anything that does not apply.
>
> Once you have a set of NVTs to run, you can see if you would pass or fail.
> Any verified vulnerability with a CVSS score of 4 or a "medium" (this is
> aligned with the NVD scale) is an automatic PCI fail. It is important to
> scope your scans properly so you can correctly prioritize what to fix.
>
> Common/Required PCI checks include:
>
> - XSS
> - Weak ciphers
> - Default logins
> - Devices with no logins
> - SQL Injection
> - Missing critical security patches (a la OpenSSL)
>
> Some more extra reading:
>
> https://community.qualys.com/thread/1530
>
>> Hi Rene,
>>
>> check if this page(s) can be useful:
>> http://www.greenbone.net/learningcenter/pci_dss.html
>>
>> Best regards,
>> Fabrizio
>>
>> On Sun, Aug 10, 2014 at 3:43 PM, Rene Behring <[email protected]>
>> wrote:
>>> Hey,
>>>
>>> are there NVTs to check pci compliance? (IT-Grundschutz?)
>>>
>>> Thanks,
>>> Rene
>>> _______________________________________________
>>> Openvas-discuss mailing list
>>> [email protected]
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>
>> --
>> "The intuitive mind is a sacred gift and the rational mind is a
>> faithful servant. We have created a society that honors the servant
>> and has forgotten the gift." (A. Einstein)
>>
>> Fabrizio Di Carlo
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org
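
The triage described in the quoted reply above (drop out-of-scope and unverified findings, then fail on CVSS 4 and up), as an added example that is not part of the original thread. The CSV columns, host addresses and scope list are constructed for illustration and are not an OpenVAS export format.

```python
import csv
import io
from collections import defaultdict

PCI_FAIL_CVSS = 4.0  # threshold stated in the thread: CVSS 4 ("medium") and up fails

# Constructed sample export; the column names are assumptions, not an OpenVAS format.
SAMPLE_CSV = """host,nvt_name,cvss,status
10.0.0.5,Weak SSL/TLS cipher suites,4.3,verified
10.0.0.5,HTTP server banner disclosure,2.6,verified
10.0.0.6,SQL injection in login form,7.5,verified
10.0.0.6,Default credentials on admin console,9.0,false_positive
10.0.0.7,Reflected XSS in search page,4.3,verified
10.0.0.8,TCP timestamps enabled,2.6,verified
"""

IN_SCOPE = {"10.0.0.5", "10.0.0.6", "10.0.0.8"}  # constructed scope list


def pci_triage(report_csv, in_scope, threshold=PCI_FAIL_CVSS):
    """Return {host: [(nvt_name, cvss), ...]} for findings that fail the scan.

    Out-of-scope hosts and findings not marked 'verified' are dropped first,
    mirroring the weed-out step that precedes the pass/fail decision.
    """
    failing = defaultdict(list)
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["host"] not in in_scope:
            continue  # out of scope: does not count toward pass/fail
        if row["status"].strip().lower() != "verified":
            continue  # false positive or not yet confirmed
        score = float(row["cvss"])
        if score >= threshold:
            failing[row["host"]].append((row["nvt_name"], score))
    # Highest score first, so each host's fix list is already prioritized.
    return {h: sorted(f, key=lambda x: -x[1]) for h, f in failing.items()}


def scan_passes(report_csv, in_scope):
    """Pass only when no in-scope, verified finding reaches the threshold."""
    return not pci_triage(report_csv, in_scope)


if __name__ == "__main__":
    for host, findings in sorted(pci_triage(SAMPLE_CSV, IN_SCOPE).items()):
        for name, score in findings:
            print(f"FAIL {host} {score:.1f} {name}")
    print("overall:", "PASS" if scan_passes(SAMPLE_CSV, IN_SCOPE) else "FAIL")
```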
