
Regularly test the security of network infrastructure and applications for PCI Compliance.


What is a PCI DSS penetration test?

PCI DSS penetration tests are regular security assessments designed to identify and help fix vulnerabilities in external or internal networks and applications.

PCI requirements oblige organizations to perform security audits of network infrastructure and applications at least annually in order to remain compliant.


Our Methodology

Penetration testing of web applications and infrastructure: PCI DSS penetration testing is designed to include assessment of network infrastructure and applications from both outside and inside an organisation’s network.

The methodology is based on the PTES standard and OWASP (for web applications).

  • Segmentation
  • Host Discovery
  • Service scanning and discovery
  • Scan for Vulnerabilities
  • Manual and automated exploitation
  • Post-exploitation & network privilege escalation
  • NAS and file servers takeover
  • SMB/NetBIOS exploitation
  • Credentials memory dump
  • Sniffing, spoofing and relaying
  • DNS vulnerability exploitation and exfiltration

Why trust Krypteia for your PCI DSS penetration test?

Krypteia’s security engineers are members of the GIAC Advisory Board, CISM-accredited and OSCP-certified experts, and have helped many clients remain PCI DSS compliant with security audits of networks and web applications.