What is PCI ASV Vulnerability Scanning?
PCI DSS Requirement 11.2 specifies that organisations must "Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades)."
Requirement 11.2.2 specifies that organisations must "Perform quarterly external vulnerability scans via an Approved Scanning Vendor (ASV), approved by the Payment Card Industry Security Standards Council (PCI SSC)."
PCI ASV vulnerability scanning provides quarterly, or more frequent, semi-automated testing of networks and web applications to identify common vulnerabilities on an ongoing basis.
The PCI ASV vulnerability scanning service is a cost-effective method of performing quarterly security scans. Tests combine automated security scans with manual verification of findings by a Security Test Engineer.
PCI ASV vulnerability scanning provides security assurance against the majority of threats faced by networks and web applications, but is not as comprehensive as network penetration testing, web application security testing or security source code review.
Overview of our service
Once networks and web applications are enrolled for PCI ASV vulnerability scanning, we obtain the IP addresses and URLs to be tested and the scheduled times for testing. Once the setup is completed, the vulnerability scanning is conducted using leading commercial application scanners.
Detailed reports with vulnerability details, ease of exploitation, impact, vulnerability rating, solutions and fixes are provided along with a consolidated action plan. The reports break down confirmed vulnerabilities, possible vulnerabilities and information gathered.
PCI ASV services are provided through our longstanding partnership with Plynt (Security Testing Division of Paladion). Paladion (Plynt) is a PCI Approved Scanning Vendor (PCI ASV), registered number 5004-01-02.
Key service attributes
- Automated network and web application vulnerability scanning
- Quarterly scanning & reporting
- Access to reports via ClientConnect portal
- On-demand scheduling via ClientConnect portal
- Detailed vulnerability reporting
- Clear recommendations and fixes
- Cost-effective solution for regular testing requirements
What you receive
The results of the tests are presented logically and clearly and are provided through an online secure portal (also downloadable as a PDF). The test report includes the following details:

- Executive summary
- Vulnerability graph
- PCI compliance status
- Vulnerabilities
  - Description
  - Solution
  - Results
- Potential vulnerabilities
  - Description
  - Solution
  - Results
- Information gathered
  - Description
  - Solution
  - Results
- Interpreting PCI risk ratings
- PCI - Company compliance status
- PCI - Individual IP compliance status
The reports provide a view of the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and concise solutions are included to help you quickly eliminate all vulnerabilities found.
What to do next
Contact us on 0844 488 0963, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.