What is PCI Network Penetration Testing?
PCI DSS Requirement 11.3 specifies that organisations must "Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a subnetwork added to the environment, or a web server added to the environment)."
Requirement 11.3.1 specifies the requirement for network penetration tests.
PCI network penetration tests should provide evidence of how each vulnerability detected can be exploited and the risk level and potential impact of each vulnerability. Reports should give clear recommendations and solutions to help eliminate each vulnerability or reduce the risk to an acceptable level.
The goal of the PCI network penetration test is to identify vulnerabilities in your network and to clearly demonstrate the potential security impact if they are exploited.
Overview of our service
An expert Penetration Test Engineer will study your network and search for vulnerabilities. This is achieved through the use of semi-automated tools and script execution, and relies heavily on manual testing techniques. By analysing the results, the engineer will expose potential vulnerabilities and customise subsequent tests based on the initial findings.
The PCI network penetration test can include the further exploitation of vulnerabilities that are discovered (chained exploits), if explicitly requested by the client.
PCI network penetration tests include:
- External Penetration Test – Conducted remotely against the external, public-facing network to identify vulnerabilities that are visible to outsiders at large.
- Internal Penetration Test – Conducted on the internal network to identify vulnerabilities that are visible to insiders, contractors or partners with potentially malicious intent.
Key service attributes
- Network vulnerability scanning, mapping and analysis
- Manual verification of vulnerabilities
- Extensive customised manual penetration tests
- Controlled exploitative testing, only if explicitly requested
- Detailed vulnerability reporting
- Removal of false positive findings
- Clear recommendations and fixes
- Access to reports via ClientConnect portal
What you receive
The results of the tests are presented logically and clearly and are provided through an online secure portal (also downloadable as a PDF). The test report includes the following details:

- Executive summary
- Detailed report of findings
  - Vulnerabilities
    - Detailed steps
    - Solution
    - Further reading
    - Affected assets
  - Unconfirmed vulnerabilities
    - Detailed steps
    - Solution
    - Further reading
    - Affected assets
  - Observations
    - Description
    - Solution
    - Affected hosts
- Port scan results
- The SANS Top 20
- Interpreting risk ratings
- Tests performed & tools used
- Mitigation tracker
The reports present the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and concise solutions are included to help you quickly eliminate all vulnerabilities found.
What to do next
Contact us on 0844 488 0963, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.