What is PCI penetration testing?

PCI penetration testing is a security assessment designed to identify weaknesses and vulnerabilities in systems located in the cardholder data environment (CDE), following the specific requirements outlined by Payment Card Industry Data Security Standards (PCI DSS).

Penetration testing is a mandatory part of PCI compliance, as it helps organizations identify vulnerabilities and potential attack vectors that could be exploited by malicious actors to steal credit card data. PCI penetration testing is typically conducted by a third-party security provider and involves a simulated attack on the organization's systems, networks, and applications.

Secure your cardholder data environment today. Request a PCI pentest

PCI penetration testing requirements

Apart from general guidelines on secure processing of payment data, the PCI standard outlines requirements for compliance and mandates regular external and internal penetration testing at least once a year, or at every major change in the infrastructure of the cardholder data environment (CDE).

With many PCI-scoped assets hosted in AWS, on-premises or with other cloud providers, Blaze provides the recommendations needed to remediate issues and improve your overall resilience against cyberattacks, guaranteeing adherence to the following requirements of PCI DSS 3.2.1 and PCI DSS 4.0:

  • 11.2.1 and 11.2.3: Quarterly external and internal vulnerability scans
  • 11.3.1 and 11.3.2: External and internal penetration testing of the CDE
  • 11.3.4: Segmentation testing
  • 6.6: Public-facing web application security assessments

For PCI 4.0 we cover the following additional requirements:

  • 11.4: External and internal penetration testing of the cardholder data environment
  • 6.4: Public-facing web application security assessments

We have written a comprehensive guide to PCI penetration testing that answers the most frequently asked questions about the topic.

PCI penetration testing services

Our PCI DSS penetration testing services provide a comprehensive assessment of your organization's payment card data environment to identify vulnerabilities and weaknesses that could put card payment data at risk, and validate the posture of the existing security controls that safeguard cardholder details.

Blaze's PCI DSS penetration testing offer includes the following services, which can be hired individually or in combination:

  • SaaS / web application penetration testing
  • AWS cloud penetration testing and configuration security review
  • External and internal network penetration testing (for AWS-hosted infrastructures and more)
  • API penetration testing (REST, GraphQL and SOAP)
  • Mobile app pentesting (iOS and Android)
  • Wi-Fi penetration testing (may require on-site travel)
  • Network segmentation testing
  • Quarterly vulnerability scans

We have experience in performing penetration tests for PCI DSS audits for businesses across various industries and verticals. Our assessments follow leading methodologies such as OWASP Top 10, OSSTMM, NIST 800-115, and PTES to ensure a comprehensive review of the security controls of the systems under the scope for your PCI DSS audit.

The average duration for this service is between 5 and 30 person-days, depending on the complexity of the scope of work.

Deliverables

Upon completion of the testing, you will receive a detailed report outlining any vulnerabilities and weaknesses discovered, as well as recommendations for remediation. In addition to the written report, we also offer a cybersecurity assessment letter and a debrief session to review the findings and provide guidance on next steps for improving the security of your environment.

The report contains the following:

  • An executive summary explaining the issues, attack scenarios and impact to the organization in friendly and non-technical language
  • A detailed description of the vulnerabilities, proof-of-concept exploits, and suggestions for addressing the issues
  • A vulnerability remediation prioritization matrix to help your team prioritize remediation and reduce risk to the environment

Reports and assessment letters are typically delivered within five business days of completing the security assessment. Fix validation is free if conducted within 90 days of the final report delivery.

Contact us

Prices starting at $6,000. Free retesting is included in our service.

Request a PCI pentest now: https://www.blazeinfosec.com/lp/penetration-test-quote-form/

Email: sales@blazeinfosec.com

Our services are insured worldwide by Hiscox with a professional liability (E&O) cover of $5,000,000. Blaze is a CREST-accredited, ISO 27001 and ISO 9001 certified company.

Sold by Blaze Information Security
Fulfillment method: Professional Services

Pricing Information

This service is priced based on the scope of your request. Please contact seller for pricing details.

Support

Contact us: https://www.blazeinfosec.com/contact-us

Email: sales@blazeinfosec.com

Website: https://www.blazeinfosec.com

Phone: +1 347 892 4783 (US/Canada)

Phone: +351 222 081 647 (Europe/international)

Services insured worldwide with a professional liability (E&O) cover of $5,000,000. Blaze is a CREST-accredited, ISO 27001 and ISO 9001 certified company.

Support and project management are provided based on the statement of work agreed.