Free PCI Compliance Scan

I need a free PCI compliance scan. Any suggestions?

Thanks!
s8web asked:

Rich Rumble (Security Samurai) commented:
https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf
As you can see, no one would do this for free; they have to scan your wireless, and they have to scan all your internal and external hosts. You should also note that there is no absolute compliance in these types of scans; you will always get a 1 or higher (1 and 2 are nearly the same). These scans are also poorly defined; read that document, it's abysmal.
Then you should call one or more of the 152 approved PCI ASVs found here:
https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php
Do not call anyone else.
Here is the standard: https://www.pcisecuritystandards.org/security_standards/documents.php?agreements=pcidss&assocation=PCI%20DSS
If you're not storing or routing the credit card information, you're not bound to PCI. If you have a "shopping cart" that is outsourced (like using PayPal, Google Checkout or others), then you don't have to be PCI compliant.
-rich
0

coreybryant commented:
http://hackerguardian.com/ from Comodo offers a free one, but remember (as pointed out) that most of them are trying to sell you something.

First, determine why you need to be PCI compliant, and at what level. A lot of companies do not need to have an onsite inspection; they can complete the self-assessment questionnaire.

Read version 2, though: http://pci-dss.mymerchantaccountblog.com/pci-dss-v2.pdf. Version 1 "expires" on 31 Dec 2011.
0
btan (Exec Consultant) commented:
Free PCI DSS scans are actually quite available from most security vendors, and they mete them out as free trials. Importantly, it is the follow-through and the ability to interpret what comes next from the generated report that matters. I suggest also engaging a QSA or a forum of experts to better understand the plan of action.

http://www.pcicompliancesaq.com/Free_PCI_Scanning_is_it_Worth_it

http://www.ncircle.com/index.php?s=products_pci-compliance
0
s8web (Author) commented:
Thanks for the input. Overall I think that the PCI compliance process is a good thing. Someone should press developers and merchants to secure their stuff. The problem I have is that a fair amount of money and time has gone into this, and frankly, it doesn't cost someone much to run an automated penetration test on a site. Since compliance is required, there should be a no-cost solution for developers that allows them to run an automated test to see if their application and environment are buttoned down before releasing the product to their customers or unleashing it on the world. The end user would benefit too. Waiting for the authority to come by and scan your stuff takes a few months. This creates a '0-day' scenario for both merchants and customers.
0