PCI Penetration Testing
PCI Penetration test helps organizations secure the CDE and meet the PCI compliance requirements.
PCI DSS is a mandatory requirement for any organization that accept payment cards as a means of processign payments. To ensure the security of applications, network and the cardholder data; organizations shall perform periodic vulnerability assessments and penetration testing.
PCI Penetration Testing services from ValueMentor speficially addresses the requirements outlined in the PCI DSS Standard.
PCI Penetration Testing Requirements
PCI ASV Services
ASV Scans are services that scan for vulnerabilities in the publicly exposed systems associated with your CDE. This shall be performed by an Authorized Scanning Vendor. ValueMentor facilitates the ASV SCans until you get passing results, every quarter.
PCI Segmentation Testing
PCI Segmentation testing (PCI DSS requirement 11.3.4 or 11.3.4.1) shall be performed if segmentation has been used to isolate the CDE from other networks either atleast annually or half-yearly (service providers)
PCI External Penetration Testing
PCI DSS requirement 11.3.1 requires organizations to perform external penetration tests atleast annually or after a significant change to the CDE or systems within the CDE.
PCI Internal Penetration Testing
PCI DSS requirement 11.3.2 mandates the need for performing internal penetration tests of the CDE to secure the systems and network from attacks against the payment infrastructure.
Quarterly Internal Vulnerability Scans
Internal vulnerability scans (PCI DSS requirement 11.2) helps organizations detect and fix vulnerabilities. PCI DSS requires passing reports each quarter.
Quarterly Wireless Network Analysis
PCI Requirement 11.1 requires wireless network identification on a quarterly basis. A wireless network analysis helps organizations identify rougue wireless networks.
Let us manage your annual PCI Penetration Testing Requirements
Our PCI Penetration Testing Approach
Defining the Scope
A complete coverage of the PCI Penetraton Scope is essential to ensure the continuous compliance to PCI DSS Requirements. All systems &networks that store, process, or transmit cardholder data or sensitive authentication data and any technology that can affect its security should be part of the scope.
Reconnaissance
The assets in the scope are identified in the recon phase of the PCI pentesting.
Assessment
At this stage, we will perform the required security tests and exploitations as outlined in the PCI DSS Penetration Testing Guidelines
Reporting
We will prepare QSA acceptable penetration test reports, which includes the methodlogy of tests, documentation of findings and remediation steps.
Re-Tests
Clean reports are critical for the success of your PCI Compliance. We can perform re-test to validate the closure and issue clean report once everything is fixed.
Benefits of working with ValueMentor
- ValueMentor is a PCI QSA Company and understands the PCI Penetration Testing requirements very well
- ValueMentor follows CREST Approved Penetration Testing methodology
- Our PCI Penetration Testing team has indepth experience in performing penetration tests
- We have conducted more than 2500+ penetration testing engagements
- Our team is OSCP Certified, CREST Certified and holds other penetration testing certifications
- We will provide every support for you to resolve the vulnerabilities quickly and remediate them to ensure clean reports.
Would you like to speak to a Penetration Testing Expert?
Related Insights
Penetration Testing: Methods and Types
Penetration testing is a simulated attack; that helps to identify the type of resources exposed to the outer world, the network security risk...
Best Practices to choose a Penetration Testing Partner
With cyberattacks becoming the norm, Penetration Testing has become a mandatory security engagement for every business. There are hundreds of...
Beginner’s Guide to Penetration Testing Methodologies
When it comes to assessing your cyber security strategies, you must think from the perspective of a hacker. That is what exactly penetration testing...