Tools for executing the PCI DSS penetration test

The PCI DSS states that yearly assessments are to be performed by ASVs, while self-assessments can be done quarterly by qualified and experienced professionals. Qualified persons should have multiple years' experience in penetration testing and possess one or more of the following certifications:

  • Certified Ethical Hacker (CEH)
  • Offensive Security Certified Professional (OSCP)
  • CREST penetration testing certifications
  • Global Information Assurance (GIAC), for example, GPEN, GWAPT, and GXPN.

The tools used by professionals for the PCI DSS assessment can be commercial or open source, as long as they generate a high level of accuracy. In this book, we have used many tools, some of which not only perform multiple functions, but do so in an automated manner, usually once all IP information has been specified.

In Chapter 6, Vulnerability Scanning, we looked at several tools for performing automated vulnerability assessments, including the trial version of Tenable's Nessus and its available options for PCI DSS assessments and compliance. Tenable is also one of the many companies that can be hired directly as an independent third party to perform PCI ASV vulnerability scans for the annual PCI DSS report, depending on a company's level of compliance and annual transaction volume.

Although now available via a paid subscription only, Nessus can also perform both internal and external PCI DSS assessments. The following screenshot shows the details of the Nessus internal PCI DSS assessment:

To make things simpler, I've put together a list of tools covered in the previous chapters that can assist you in executing a vulnerability assessment and penetration test as part of the PCI DSS self-assessment. Again, some tools may be repeated throughout the list, as they may perform multiple functions:

  • Information gathering (Chapter 4, Footprinting and Information Gathering):
    1. Devsploit
    2. Striker
    3. RedHawk
  • Scanning (Chapter 5, Scanning and Evasion Techniques):
    1. Nmap
    2. RedHawk
  • Vulnerability assessment (Chapter 6, Vulnerability Scanning):
    1. OpenVAS
    2. Nessus
    3. Lynis (Linux system auditing)
    4. Sparta
  • Social engineering (Chapter 7, Social Engineering):
    1. The Social Engineering Toolkit
  • Exploitation (Chapters 8-12):
    1. Metasploit
    2. NetHunter
  • Reporting (Chapter 14, Tools for Penetration Testing Reporting):
    1. Dradis framework

Of course, there are many other tools that can be used for assessments, but these should be enough to get you started.
