Posts Categorized: ASV

ASV Scan Responsibilities

Approved Scanning Vendor

The ASV Program Guide describes the various responsibilities for all parties involved in the PCI ASV Scanning process. There are a number of parties, but here we’re just concentrating on two. They are the scan customer (you) and the Approved Scanning Vendor (Ambersail). The following text is taken from the official ASV program guide, which… Read more »

5 Essential Tips For Those New To A PCI Scan

PCI scan for weaknesses

Recently, we have started with a significant number of new clients on ASV scanning projects. This is the PCI scan on networks that needs to be performed by merchants and service providers. Nothing new in that. We have been an ASV for over ten years. What has caught our eye is what has prompted these… Read more »

PCI: Your eCommerce Web Sites Are In Scope

“Essentially, all merchant eCommerce sites that previously escaped mandatory security assessment can no longer be overlooked.” We now anticipate that many small merchants will find their web sites in scope for PCI compliance under PCI DSS v3. We wrote earlier this year concerning the potential for scope changes brought about by PCI DSS v3. Now that the official v3 SAQ documents… Read more »

10 Ways To Fail Your ASV Scan

“We know that there’s nothing more frustrating than getting a failure mark on your quarterly scan report.”   But did you know there are 10 reasons why you would automatically fail should the scan make any of the following findings? Operating system versions no longer supported by the vendor. Windows 2000, older Linux distributions. Unsupported,… Read more »

ASV Scan Interference

Just a reminder of a regular observation we make when conducting ASV scans. It’s the issue of interference from an IDS or IPS system. Whilst such systems are useful in normal production situations, they must not interfere in any way with the ASV scan. If interference is detected by the ASV scan – we have… Read more »

Taming The BEAST

This is a follow-up post to our previous article on the subject. Here we offer technical assistance to those of you trying to fix the BEAST vulnerability, and offer some mitigation practices. The problem revolves around a vulnerability identified years ago in TLSv1 and SSLv3 protocol CBC mode ciphers (the stronger ciphers). This issue was fixed in… Read more »

ASV Reports: The BEAST Inside

Many of our ASV customers are seeing scan reports making reference to a “BEAST” attack susceptibility. But what is it, and more importantly, how can you fix it? The bad news is that our ASV scan report is informing you that the strong encryption on your “secure” web server could be rendered useless and your… Read more »

ASV Scanning: Roles & Responsibilities

Since we moved to the new ASV Program Guide v1.0 procedure last year, we’ve answered numerous questions from customers about the new reports and associated procedures as mandated by the Program Guide. For the most part, “Why are you doing this?” is the most commonly asked question! Rather than insisting that you read the entire… Read more »