Vulnerability Scans
Quarterly scans of external and internal IP addresses (required by the PCI DSS) to ensure that configurations remain secure and that the required software patches are in place.
A best practice for any organization, regular scanning of both internal and external IP addresses in your environment tests for network/OS-layer vulnerabilities as well as application-layer (primarily web app) vulnerabilities. The PCI DSS requires quarterly scanning of external IPs by an Approved Scanning Vendor (ASV) to generate reports that are submitted to the acquiring bank. Quarterly internal scans are also required as part of regular validation, but their results do not need to be officially submitted.
See also ASV (Approved Scanning Vendor)

