Chapter 9

Vulnerability Management

Information in this chapter:

• PCI DSS Requirements Covered

• Vulnerability Management in PCI

• Requirement 5 Walk-Through

• Requirement 6 Walk-Through

• Requirement 11 Walk-Through

• Internal Vulnerability Scanning

• Common PCI Vulnerability Management Mistakes

• Case Study

Before we discuss Payment Card Industry (PCI) requirements related to vulnerability management in depth and find out what technical and nontechnical safeguards are prescribed there and how to address them, we need to address one underlying and confusing issue of defining some of the terms that the PCI Data Security Standard (DSS) documentation relies upon.

These are as follows:

• Vulnerability assessment;

• Penetration testing;

• Testing ...

Get PCI Compliance, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.