Pentest for PCI DSS compliance

The standard for payment card account data security includes the following:

11.4 - External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.

PCI Security Standards Council in Payment Card Industry Data Security Standard: Requirements and Testing Procedures, v4.0
PCI DSS requires the following activities at least every 12 months to detect and mitigate vulnerabilities:

PCI DSS v3.2.1 will be retired on 31 March 2024; version 4.0 is its successor.

The entire Cardholder Data Environment (CDE) perimeter and all critical systems must be covered. If segmentation is used to isolate the CDE from other networks, testing of the segmentation controls (11.4.5) should also be an explicit part of the scope.

Any exploitable vulnerabilities found should be corrected, and the effectiveness of the correction should be validated with a re-test (11.4.4).