PCI Vulnerability Validation Report




Friday, March 9, 013

PCI Vulnerability Validation Report

Introduction

This report shows the results of vulnerability validation tests conducted by CORE Impact Professional in support of the vulnerability management process referenced in the Payment Card Industry Data Security Standard (PCI DSS). This report and the vulnerability validation process are controls to help you manage vulnerabilities efficiently and intelligently in response to PCI DSS requirements. It does not guarantee that you can obtain PCI DSS certification.

The PCI DSS calls for initial and regular vulnerability assessment scans to be conducted by Approved Scanning Vendors (ASVs) to obtain and maintain PCI certification. ASVs use some combination of commercial, open-source, and/or customized scanning tools to conduct network-based vulnerability scans. The results from the scans then need to be further audited to remove reported vulnerabilities that are false positives or that have a compensating control in place to mitigate the vulnerability.

The detailed results of the tests conducted to validate the reported vulnerability scans are included below. Reported vulnerabilities, affected targets, and the associated CVEs are imported from one of several supported market-leading vulnerability scanners. For reported vulnerabilities where an exploit is available, the targets are validated to ensure that they are susceptible to the reported vulnerability. A compromised target is proof positive of a major issue that must be resolved before obtaining PCI DSS certification.

Vulnerabilities are sorted and grouped by exploit status:

- Exploit Successful: CORE Impact Professional has an exploit for the identified potential vulnerability; it was attempted by CORE Impact Professional and subsequently confirmed to have been successful against the target attempted.
- Exploit Failed: CORE Impact Professional has an exploit for the identified potential vulnerability; it was attempted by CORE Impact Professional and subsequently confirmed to have not been successful against the target attempted.
- Exploit Not Attempted: CORE Impact Professional does have the exploit, but either the configuration of the test meant CORE Impact Professional was not able to attempt the exploit (for example, exploits within CORE Impact Professional that have the potential to leave the targeted service unavailable) or the exploit is a DoS exploit, which is never attempted by automated components of CORE Impact Professional.

Summary of vulnerability validation process

(Chart. Values as extracted: 60.00%, 0.00%, 6.67%, 13.33%. Categories: Successful, Failed, Not Attempted, Not Available.)

CORE Impact Professional - PCI Vulnerability Validation Report Page 1

Workspace Summary

Name: PCI Audit Q 013
Started: 3/9/013 1:53:00PM
Finished: 3/9/013 1:49:43PM
Exact Time: 56 minutes 43 seconds
Running Time: 5 minutes 59 seconds

Details of vulnerability validation process

Exploits Successful

- CVE-008-4038 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063)
- CVE-010-79 Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) 9.30 (HIGH) Medium

Host: /19.168.13.77 [WIN1377]

- CVE-010-79 Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) 9.30 (HIGH) Medium

Exploits Failed

- CVE-008-450 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067)

Exploits Not Attempted

- CVE-008-4038 Microsoft Windows SMB Buffer Underflow DoS (MS08-063)
- CVE-008-4834 Microsoft Windows SMB Trans Buffer Overflow DoS (MS09-001)

Exploits Not Available

Host: /19.168.13.44

- CVE-1999-066
- CVE-01-5886
- CVE-01-5887
- NOCVE-9999-35969
- CVE-008-4114
- CVE-008-4835
- CVE-008-4841
- CVE-010-163
- CVE-011-0041

Index

Content (page numbers as extracted: 1 3 3 3 4 4 5 5 5):

- Summary of vulnerability validation process
- Workspace Summary (PCI Audit Q 013)
- Details of vulnerability validation process
- Exploits Successful
- Host: /19.168.13.77
- Exploits Failed
- Exploits Not Attempted
- Exploits Not Available
- Host: /19.168.13.44