Vulnerability testing
Thanks Doug.
HIPAA is requirement. I’ll take a look at that link.
Jock
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jock Philip [jock@visionchips.com] Vision Chips, Inc.
888.517.7779 x 3563
www.visionchips.com/
Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving System
—–Original Message—–
From: omnisdev-en [mailto:omnisdev-en-bounces@lists.omnis-dev.com] On Behalf Of Doug Easterbrook
Sent: Thursday, December 14, 2017 3:01 PM
To: OmnisDev List – English <omnisdev-en@lists.omnis-dev.com>
Subject: Re: Vulnerability testing
hi Jock.
others have alluded to PCI testing — but I think you need to ask the customer what this is about or what they are thinking.
if you system does NOT use credit cards or does not allow credit cards to pass through the system, then vulnerability testing might be a whole different kettle of fish.
If I recall, I think your world might mean HIPPA compliance for health care — I found this article online that mentions hippa .. I’m sure there are more.
www.hitechanswers.net/hipaa-qa-on-penetration-testing-and-vulnerability-scanning/
if your system processes credit cards and it is vulnerability testing, then there are people who do probes of a network from the outside to see if the network has introduced more open ports. I’ve not heard the need every time you sent out a patch to an application, only time based such as ‘once a month’ or ‘once a quarter’ penetration scans into the network.
any way .. I suspect the request comes due to hippa compliance based on my recollection of what you do. thats the place to start.
Doug Easterbrook
Arts Management Systems Ltd.
mailto:doug@artsman.com
www.artsman.com
Phone (403) 650-1978
see you at the third annual users conference
tickets.proctors.org/TheatreManager/95/online?performance=29086 <tickets.proctors.org/TheatreManager/95/online?performance=29086>
> On Dec 14, 2017, at 12:35 PM, Jock Philip <jock@visionchips.com> wrote:
>
> Anybody doing vulnerability testing in a client server environment?
>
> Have a customer that is requiring evidence of vulnerability testing on our software whenever we do updates. Oracle database, Studio 4.3.2.1, customer’s own network and their own server. Any examples, suggestions, tools or anything else of any help?
>
> Thanks
>
> Jock
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jock Philip [jock@visionchips.com
> 888.517.7779 x 3563
> www.visionchips.com/
>
> Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving System
>
> _____________________________________________________________
> Manage your list subscriptions at lists.omnis-dev.com
_____________________________________________________________
Manage your list subscriptions at lists.omnis-dev.com
_____________________________________________________________
Manage your list subscriptions at lists.omnis-dev.com