Security specialists

ThreatLabs specializes in security assessments providing valuable insights into vulnerabilities and weaknesses as well as actionable advice to increase the security posture of IT assets and environments.

Pentest for PCI DSS compliance

The standard for payment card account data security includes the following requirement:

11.4 - External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.

PCI Security Standards Council in Payment Card Industry Data Security Standard: Requirements and Testing Procedures, v4.0

PCI DSS requires the following activities at least once every 12 months, and after any significant infrastructure or application upgrade or change, to detect and mitigate vulnerabilities:

  • Internal pentesting (11.4.2)
  • External pentesting (11.4.3)

The entire Cardholder Data Environment (CDE) perimeter and all critical systems must be covered. If segmentation is used to isolate the CDE from other networks, the segmentation controls must be tested as well (11.4.5), at least once every 12 months and after any change to those controls, and this testing should be an explicit part of the engagement scope.

Any exploitable vulnerabilities and security weaknesses found must be corrected, and the fix must be validated by re-testing (11.4.4).