PCI DSS requirement 11.3 calls for both an external and an internal penetration test. Security checks must be performed by professional penetration testers at least once a year and after each significant infrastructure or application update or change.
We will happily send you detailed information about our specialized penetration tests based on PCI DSS requirement 11.3. Both penetration tests are described in more detail below.
The network-level penetration test examines how the cardholder data environment can be attacked and manipulated. It is performed both via the Internet and from within the internal cardholder data environment itself. All available network components, the network protocols in use, and the operating systems, including the directly accessible services and applications, are tested for security gaps.
The test also takes into account wireless technologies found within the cardholder data environment. Network segmentation is also tested bi-directionally for security.
In accordance with PCI DSS requirement 11.3.2, the application-level penetration test primarily examines web applications for the vulnerabilities listed in PCI DSS requirement 6.5. Of course, the test can be extended to include further potential weak points and manipulation possibilities.