Posts Tagged: asv

PCI: Web Redirection Servers In Scope?

It is possible that web applications previously considered out-of-scope for PCI DSS could now be in-scope under PCI DSS v3. The impact of this could be significant depending on your existing card data environment (CDE). It has long been accepted practice that any component that stores, processes or transmits cardholder data is in scope for… Read more »

10 Ways To Fail Your ASV Scan

“We know that there’s nothing more frustrating than failing your ASV scan.”   But did you know there are 10 reasons why you would automatically fail should the scan make any of the following findings? Operating system versions no longer supported by the vendor. Windows 2000, older Linux distributions. Unsupported, and therefore unpatched. Open access… Read more »

ASV Scan Interference

Just a reminder of a regular observation we make when conducting ASV scans. It’s the issue of interference from an IDS or IPS system. Whilst such systems are useful in normal production situations, they must not interfere in any way with the ASV scan. If interference is detected by the ASV scan – we have… Read more »