RE: The goal of pentest by PCI DSS?

No - The Pen Test shouldn't contain social engineering - but of course
there is no problem in having it too ...

Thanks ,,,
Mohamed Farid ,,,

That is wrong!

"Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications..."

To be able to fully test different controls and processes, a social engineering test should be performed according to that last statement. This is not something that will fail you today (I have not seen a single RoC that has failed a company because of a non-existent social engineering test yet), but there are two different worlds between "validating" PCI DSS and being compliant. What is your goal?


/Victor Langåssve, QSA




