Chapter 9

Vulnerability Management

Information in this chapter:

• PCI DSS Requirements Covered

• Vulnerability Management in PCI

• Requirement 5 Walk-Through

• Requirement 6 Walk-Through

• Requirement 11 Walk-Through

• Internal Vulnerability Scanning

• Common PCI Vulnerability Management Mistakes

• Case Study

Before we discuss the Payment Card Industry (PCI) requirements related to vulnerability management in depth, and find out what technical and nontechnical safeguards they prescribe and how to address them, we need to address one underlying and confusing issue: defining some of the terms that the PCI Data Security Standard (DSS) documentation relies upon.

These are as follows:

• Vulnerability assessment;

• Penetration testing;

• Testing ...
