دانلود کتاب PCI Data Security Standard (PCI DSS) - Information Supplement: Penetration Testing Guidance
by Penetration Test Guidance Special Interest Group
|
عنوان فارسی: PCI استاندارد امنیت اطلاعات (PCI DSS) - اطلاعات مکمل: تست نفوذ راهنمایی |
دانلود کتاب
جزییات کتاب
The guidance focuses on the following:
Penetration Testing Components: Understanding of the different components that make up a penetration test and how this differs from a vulnerability scan including scope, application and network- layer testing, segmentation checks, and social engineering.
Qualifications of a Penetration Tester: Determining the qualifications of a penetration tester, whether internal or external, through their past experience and certifications.
Penetration Testing Methodologies: Detailed information related to the three primary parts of a penetration test: pre-engagement, engagement, and post-engagement.
Penetration Testing Reporting Guidelines: Guidance for developing a comprehensive penetration test report that includes the necessary information to document the test as well as a checklist that can be used by the organization or the assessor to verify whether the necessary content is included.
The information in this document is intended as supplemental guidance and does not supersede, replace, or extend PCI DSS requirements. While all references made in this document are to PCI DSS version 3.0, the general principles and practices offered here may be applied to any version of PCI DSS.
This guidance is intended for entities that are required to conduct a penetration test whether they use an internal or external resource. In addition, this document is intended for companies that specialize in offering penetration test services, and for assessors who help scope penetration tests and review final test reports. The guidance is applicable to organizations of all sizes, budgets, and industries.