Re: PCI DSS is NOT a joke - WRONG!!!
Ummmm ..... yes it is! I have tested 2 ASVs (Tenable and Qualys), and their scanners spend 20 minutes and 15 minutes respectively on one of our sites.
I emailed the "PCI Security Standards Council" about ASVs scanning just a mere fraction of pages on the website, and how is it that they can certify compliance with such an absurdly inadequate scan ..... and NOTHING, EVER......NEVER. I have never received a reply from them.....EVER.
PCI is a total waste of legitimate time. Small companies don't even understand a fraction of the Self-Assessment Questionnaire, so this is how they answer:
Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Yes, Why'd we get compromised?
Then you get a QSA that knows nothing about technology, just happy to check his boxes and flex his atrophied muscles over things that have nothing to do with anything. FARCE .... Totally!