Penetration Testing

PCI Consulting Australia offers a Penetration Testing service that adheres to PCI DSS version 3.2.1 requirements, including network and application layer testing both internally and externally.

Our approach to application penetration testing is not only based on OWASP (Open Web Application Security Project) but it is extended with our own unique list of tests which contains over 300 checks. The list is updated on a daily basis as new vulnerabilities are found.

Real world attacks are varied and not limited to automated scans. As such, we perform proper penetration tests including manual attempts to exploit vulnerabilities in line with PCI DSS Requirement 11.3. We can perform the tests onsite or externally via VPN.

After the testing we will prepare a well-structured, easy to read report and provide additional explanation as required with a presentation about our findings.

Vulnerability Assessment

PCI Consulting Australia can also provide internal vulnerability scanning services and report accordingly.

A vulnerability assessment consists of scans and manual vulnerabilities discovery. The main difference between a vulnerability assessment and a penetration test is that during the vulnerability assessment we do not attempt to exploit the vulnerability. We are proving that they exist and explain them in the report.

External Vulnerability Scanning

If you have external IP addresses within your Cardholder Data Environment, they require scanning by an Approved Scanning Vendor (ASV). We provide ASV services via Qualys software and our experienced team can help you define the scope of scanning, purchase the appropriate licences, and enable you to run your own scans each quarter.