PCI Compliance: Implementing Effective PCI Data Security Standards

Before we dive deep into Payment Card Industry (PCI) requirements related to vulnerability management, and find out what technical and non-technical safeguards are prescribed there, we need to address one underlying and confusing issue: the definition of some of the terms that the PCI Data Security Standard (DSS) documentation relies upon. These are:
Vulnerability assessment
Penetration testing
Testing of controls, limitations, and restrictions
Preventing vulnerabilities via secure coding practices
Defining vulnerability assessment is a little tricky, since the term has evolved over the years. For instance, Wikipedia (http://en.wikipedia.org/wiki/Vulnerability_assessment) defines it as the process of identifying and quantifying vulnerabilities in a system, which is a very broad definition. In the realm of information security, vulnerability assessment is usually understood to be a vulnerability scan of the network with a scanner, implemented as software, dedicated hardware, or a scanning service. Using the term network vulnerability assessment sometimes adds more clarity. The terms network vulnerability scanning and network vulnerability testing are usually understood to mean the same thing.
Penetration testing is usually understood to mean an attempt to break into the network by a dedicated team. Such a team can use the scanning tools mentioned above, as well as non-technical means such as dumpster diving (i.e., looking for confidential information in the trash) and social engineering (i.e., attempting to subvert authorized Information Technology (IT) users into giving out their access credentials and other confidential information). Sometimes, penetration testers might rely on other techniques and methods, such as custom-written attack tools.
Testing...