PCI DSS Penetration Testing is performed to fulfill requirements as stated in the PCI DSS standard of the payment card industry. Penetration testing aims to identify potential vulnerabilities and exploits to assess whether unauthorized access or malicious activity to information assets and, in particular, card holder data is possible.
Bithex PCI DSS penetration testing will include networks and applications on external and internal facing networks, as well as controls and processes implemented to protect overall system assets and card holder data in payment card storing and processing.
If you are instead looking for consulting on the implementation of the PCI DSS standard, or parts of it, see more about Bithex Consulting on security standards.
PCI Security Scans
Merchants exceeding 20.000 yearly online transactions and/or total number of annual transactions is one million ore more, are required to execute quarterly security scans of external network assets by an approved security scan vendor. Bithex Plc. does manage approved PCI DSS security scans for vendors.
PCI DSS security scans are executed regularly to test all external facing systems that process and store cardholder data. The scan will tests for known vulnerabilities and configuration errors that can lead to security breaches. Found issues are classified into risk levels. To comply to the PCI DSS standard, companies must not have any importand security issues open.
Methodology for PCI DSS Pen Testing
Bithex PCI DSS penetration testing follows a standard methodology from security testing standards NIST-SP800-115 and OSSTMM where test cases and procedures are documented and the customer is supported in closing or migitating found vulnerabilities in the best practical way. Our goal is to help our customers sustain full compliance to PCI DSS requirements.
What must I do to prepare for a PCI Pen Test?
Preparation for PCI DSS Penetration Testing must focus on these points:
What is included in a Bithex PCI DSS Pen Testing?
Test plan execution for PCI DSS Penetration Tests usually covers components like:
Price for PCI DSS penetration testing will depend on the size of the scope at hand. Don’t hesitate to contact us for more information and a price quote.