What is PCi-DSS Compliance?
What is the Scope of a PCI-DSS Penetration Test?
Applications or APIs
Reasons to Become PCI Compliant
PCI-DSS compliance can generate value for your business and help demonstrate your commitment to data security.
Need to Comply With PCI?
PCI-DSS Penetration Testing Requirements
PCI DSS Requirement 6.1
PCI DSS Requirement 6.2
PCI DSS Requirement 11.3.1
Perform external penetration tests at least once a year and after any significant changes or upgrades to the infrastructure / application (for example, upgrading the system, adding a subnet or web server to the environment, etc.).
PCI DSS Requirement 11.3.2
Perform internal penetration tests at least once a year and after any change or upgrade significant infrastructure or the application (for example, upgrade of the operating system or adding a subnet or web server in the environment).
PCI DSS Requirement 11.3.3
PCI DSS Requirement 11.3.4
Need to Comply With PCI's Pentest Requirements?
Frequently Asked Questions
Our services are specially designed to ensure that you meet the PCI-DSS requirements efficiently, without any guessing games.
We will provide evidence, through a technical report and an official attestation, that you have identified and successfully fixed any exploitable vulnerabilities within card processing systems and your external infrastructure, allowing your organization to comply with the PCI-DSS 6.x and 11.3.x requirements.
The cost of a PCI penetration test varies significantly according to the scope of your cardholder data environment (CDE). For this reason, there is no established price range for this type of assessment. To find out how much your penetration test would cost, reach out to our specialists to get a free quote.
Manual penetration tests and fully automated scanners are the most common techniques to identify and fix cybersecurity vulnerabilities within your technologies, allowing you to meet Requirements 6 and 11.
While scans can be a great starting point for those who lack the resources for manual testing, they may not be sufficient to comply with PCI due to their automated nature. Only experienced professionals should rely on scans to become PCI compliant, as these tools may fail to identify every vulnerability that could compromise your CDE, leaving your card-processing systems vulnerable.
Various steps are taken by our specialists to prevent the potential impact of our tests on the stability of your technological environment and the continuity of your business operations.
Unless specifically instructed to, our specialists refrain from performing any disruptive types of attacks that can, for example, cause denial of service. Thereby, most of our clients are unable to perceive any impact of our tests due to the rigorous measures we deploy to conduct our projects as seamlessly as possible.