[WEB SECURITY] [Web Security] Can a PADSS certified system be hacked

sarvesh shete sarvesh.sse at gmail.com
Sat Jun 15 00:00:39 EDT 2013


Yes, now I got all my doubts clear. Thanx everyone!
On Jun 15, 2013 1:53 AM, "rajat swarup" <rajats at gmail.com> wrote:

> Not all PA-QSAs are created equal.  Penetration tests are mostly black-box
> (unless you choose a white/gray box test specifically). In such tests, some
> vulnerabilities are sure to be missed.  But the keyword here is *some*.
> Seems like the PA-QSA company did not do the assessment properly and went
> ahead with whatever would fly.
> So the answer is you need to change your PA-QSA vendor.
>
> Thanks,
> Rajat.
>
>
> On Tue, May 28, 2013 at 8:43 PM, Christian Heinrich <
> christian.heinrich at cmlh.id.au> wrote:
>
>> Sarvesh,
>>
>> On Wed, May 29, 2013 at 12:18 AM, Steve Kerns <Steve.Kerns at netspi.com>
>> wrote:
>> > I am curious, what company did the PA-DSS validation?
>>
>> I have to agree with Steve (and others) here that we need to know if
>> the person and or company was qualified to do so i.e.
>>
>> https://www.pcisecuritystandards.org/approved_companies_providers/payment_application_qsas.php
>> ?
>>
>> Also, if you could indicate which application(s) you are referring to
>> that are listed on
>>
>> https://www.pcisecuritystandards.org/approved_companies_providers/vpa_agreement.php
>> would be helpful too?
>>
>>
>> --
>> Regards,
>> Christian Heinrich
>>
>> http://cmlh.id.au/contact
>>
>> _______________________________________________
>> The Web Security Mailing List
>>
>> WebSecurity RSS Feed
>> http://www.webappsec.org/rss/websecurity.rss
>>
>> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>> WASC on Twitter
>> http://twitter.com/wascupdates
>>
>> websecurity at lists.webappsec.org
>>
>> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>>
>
>
>
> --
> Rajat Swarup
> www.rajatswarup.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20130615/7d5b5626/attachment-0003.html>


More information about the websecurity mailing list