Vulnerability Scanning Criteria

Vulnerability scanners identify vulnerabilities and misconfigurations of web sites, servers and other devices on a network. They are crucial tools for security analysis.Vulnerability management is a key element of PCI DSS compliance. The PCI Standards Council has mandated that vulnerability scanners undergo evaluation and certification in order to be approved for use in auditing PCI networks.

NSS Lab’s host environment contains a variety of known versions of operating systems, network services, and applications at varying patch and hardening levels. This environment is ideally suited for testing commercial-grade scanning tools and commonly deployed open source scanners in a reliable, scalable, repeatable fashion:

- System identification accuracy and completeness
- Security profile (open services, default accounts, improper configuration)
- False Positive Detection (hardened systems)
- System Impact Analysis
- Performance (scanning of 10,000+ hosts)

Subscribe to eNews

Get notified of new reports and other topics!

Name:

Email:

Quick Links

"NSS Labs reports help us internally deploy security products that meet PCI compliance requirements, as well as helping our merchant population"

Tom Landsness
VP of Operations
Kincaid Technologies, Inc

nsslabs.com