PCI Penetration Testing
Pentesting Designed for PCI
Raxis performs manual pentesting to meet PCI-DSS requirements and will work closely with your Qualified Security Assessor (QSA) to ensure that the compliance standards are met for your in scope systems. We're different because we work as an extension of your team.
Our goal is to help you improve security for your cardholder data while also satisfying the PCI requirement, so the more detail you can provide your pentester about your application and systems, the better it is for everyone.
Contact us and we'll be glad to help customize a quote to meet your needs.
Get a Fast, No Hassle Quote
PCI Compliance Requirements
The Payment Card Industry (PCI) requires that pentesting be completed for compliance as of July 2015 as part of PCI-DSS Requirement 11.3. This is different from a vulnerability scan in the sense that a pentest will attempt to breach the security vulnerabilities that are discovered. This ensures that any findings are not false-positives as each will be supported by screenshots and data exfiltration evidence. In addition, PCI-DSS 11.3.4 requires that segmentation checks be performed to confirm that any segmentation used remains effective and valid. Segmentation checks may not be performed by management of the Cardholder Data Environment (CDE) and should be performed by a third party.
Network Segmentation Testing
Based upon specifications prescribed by PCI DSS 11.3, our pentester will perform a comprehensive penetration test of the Cardholder Data Environment (CDE) perimeter and any systems that could impact the security of the CDE. This includes any system that processes, stores, or transmits credit card information. Often this is referred to as the PCI segment, and it usually is completely separated from other out-of-scope systems that do not handle cardholder data. As part of the PCI pentest, Raxis will test segmentation of the PCI segment and ensure that out-of-scope systems remain completely separate from the CDE. We'll work closely with your team to determine the appropriate scope of the environment to ensure that time and cost is appropriate for the PCI pentest.
A simulated attack on your Cardholder Data Environment designed to find security vulnerabilities you didn't know existed.
Test the human element and discover weaknesses in your visitor and vendor processes that you never knew you had.