Performing OWASP and PCI DSS Audits of Web Based Applications
Tenable Network Security offers solutions to perform vulnerability scanning,passive network monitoring,configuration auditing, real-time log collection and analysis of enterprise applications and networks.This paper focuses on Tenable’s Nessus vulnerability scanner performing web application audits specific to the following standards:
OWASP Top 10
This paper reflects standards described by version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS) requirements,with specific attention given to demonstrating PCI 6.5 and 6.6 compliance requirements. While Tenable focuses on performing web application tests to demonstrate compliance with PCI 6.5,running a web application firewall or performing a source code audit may also fulfill the compliance requirement.