I have found that several website owners and hosting companies are either misinformed or a little confused about the differences between PCI Scanning, Vulnerability Scanning, and a Penetration Test. Because PCI scanning is required for websites to be compliant with the Payment Card Industry (PCI), it's important that those responsible for PCI compliance understand the differences. Acunetix Vulnerability Scanners will help.
To quote from the book "Achieving PCI Compliance", page 245: "A Vulnerability Scan is a simple test that looks for and reports on any vulnerabilities found within your network infrastructure. That is the extent of a vulnerability scan: Identification and reporting.
A Penetration Test is oftentimes conducted after the vulnerability scan. A penetration test attempts to exploit one or more of the vulnerabilities identified during the vulnerability scan. A penetration test attempts to verify if an identified vulnerability is actually susceptible to being exploited."
A PCI Scan is a vulnerability scan that includes not only a report of the potential ways that hackers could use to gain access to the website, but it also outlines a solution for repairing or removing the vulnerability. If you run it, and there are no security issues, a penetration test is not necessary.
For PCI scanning to be compliant, at a minimum it must be run against the internal and external networks on a quarterly basis. It also must be run after any significant changes in the network like installations, changes in network topology, firewall rule modifications, product upgrades, etc. It is important to have some kind of vulnerability scanner if you have a business online.
Recent trends over the past 12 months show a shift from disruptive vandalism that gains notoriety towards theft of data that translates into profit. The report on 2006 is still to be published. If you are looking for website security for your home business or online business, a vulnerability scanner is what you need. Acunetix Vulnerability Scanner will help keep your website safe.
About the Author:
Learn more about Acunetix. Stop by Kate Bailey's site where you can find out all about Acunetix Vulnerability Scanners and what they can do for you.