Comments on: PCI DSS 11.3: Penetration Testing Requirements Clarified

By: Blue Host Review

Blue Host Review — Thu, 02 May 2013 21:12:41 +0000

When someone writes an article he/she maintains the idea
of a user in his/her brain that how a user can be aware of it.
So that’s why this paragraph is outstdanding. Thanks!

By: Blue Host Coupon

Blue Host Coupon — Thu, 02 May 2013 21:11:57 +0000

What’s up friends, its impressive piece of writing on the topic of cultureand completely defined, keep it up all the time.

By: Blue Host Reviews

Blue Host Reviews — Thu, 02 May 2013 21:07:03 +0000

Spot on with this write-up, I truly feel this site needs a great deal more attention.

I’ll probably be returning to read through more, thanks for the info!

By: Christian Louboutin Shoes

Christian Louboutin Shoes — Wed, 10 Apr 2013 04:19:08 +0000

Good day! Do you know if they make any plugins to help with SEO? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good gains. If you know of any please share. Kudos!

By: wykrywacze metalu

wykrywacze metalu — Fri, 29 Mar 2013 16:41:27 +0000

I would like to uslysht a bit a lot more on this subject

By: pracowniaarchitektonic

pracowniaarchitektonic — Tue, 26 Mar 2013 11:31:55 +0000

Does your website have a contact page? I’m having problems locating it but, I’d like to shoot you an e-mail. I’ve got some suggestions for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it develop over time. pracownia architektoniczna http://www.katalogfirmy.net/340,Cdom_Budynki_uslugowe,wpis.html

By: Joseph Pierini

Joseph Pierini — Fri, 18 Nov 2011 19:06:57 +0000

Your definition of the scope is incorrect.

The scope of penetration testing is the Cardholder Data Environment (CDE) and all systems and networks connected to it. The PCI Security Standards Council defines the CDE as “The people, processes and technology that store, process or transmit cardholder data or sensitive authentication data, including any connected system components.”

As recommended by the PCI Security Standards Council’s Information Supplement: Requirement 11.3 Penetration Testing dated April 2008, testing should include locations of cardholder data, key applications that store, process, or transmit cardholder data, key network connections, key access points and other targets appropriate for the complexity and size of the organization.

Testing should not be performed inside the CDE.

By: Information Secuity

Information Secuity — Fri, 04 Nov 2011 06:33:02 +0000

India has called for global coordination to ensure that internet continues to thrive without the fear of its misuse at the London Internatinal Cyber Conference that give the nature of the task and the fact that IT networks can be attacked from anywhere in the world.

By: Mohamed Farid

Mohamed Farid — Mon, 18 May 2009 17:45:57 +0000

Regarding the external pen test – the pen tester will evaluate the Scope from the Internet or through any Public Connection …

What about the Internal Pen Testing – Will it be evaluated from the DMZ towards the Scope ( Live Production ) ? or internally from the Scope Directly ?

My Concern is Evaluating it from inside is ignoring the Firewalls and the Access-lists around the scope – and also it will give a lot of false positives which are already protected using the boundary security products.

By: Penetration Testing

Penetration Testing — Wed, 06 Aug 2008 19:26:35 +0000

What are your thoughts on situations where Operational Security and other areas of Information Security have separate reporting lines – i.e. they may have separate line management but report into the same CSO or head of security? Would it still be feasible to have non-ops infosec conducting penetration testing in your opinion?