[WEB SECURITY] [Web Security] Can a PADSS certified system be hacked
rajats at gmail.com
Fri Jun 14 16:23:54 EDT 2013
Not all PA-QSAs are created equal. Penetration tests are mostly black-box
(unless you choose a white/gray box test specifically). In such tests, some
vulnerabilities are sure to be missed. But the keyword here is *some*.
Seems like the PA-QSA company did not do the assessment properly and went
ahead with whatever would fly.
So the answer is you need to change your PA-QSA vendor.
On Tue, May 28, 2013 at 8:43 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:
> On Wed, May 29, 2013 at 12:18 AM, Steve Kerns <Steve.Kerns at netspi.com>
> > I am curious, what company did the PA-DSS validation?
> I have to agree with Steve (and others) here that we need to know if
> the person and/or company was qualified to do so i.e.
> Also, if you could indicate which application(s) you are referring to
> that are listed on
> would be helpful too?
> Christian Heinrich