PCI Cardholder Environment Penetration Testing

Home » INDUSTRIES » For Retail & Ecommerce » PCI Cardholder Environment Penetration Testing

Scientific Approach

Hackers seeking to compromise your data do not utilize commercial scanners that cost tens or hundreds of thousands of dollars. Our unique penetration testing methodology combines the best parts of commercial tools, open source, manual and script-targeted attacks to identify weaknesses in perimeter or internal host, application, and network security.

Cardholder Datacenter Penetration Testing
We test commonly known vulnerabilities, various iterations and patch levels of those vulnerabilities, as well as common misconfigurations. This approach will better align your organization for other technical controls which are required during the process of complying with various standards, such as PCI-DSS – providing a framework for measured response.

The reality is that most cardholder environment compromises begin with a host that is outside the environment. This means that holistic security is paramount, and that taking the narrow view of protecting only the CHE is likely to cause more problems than it solves. Being prepared and performing thorough testing will help prevent incidents.

PCI Penetration Testing Requirements
The Payment Card Industry Data Security Standard mandates that organizations who handle cardholder data must perform external, internal, and web application penetration testing, specifically: