PCI-DSS Penetration Testing



from 3,200.00

Identify your business's critical vulnerabilities within your Card Holder Environment and the adjacent networks before cyber criminals do. Our PCI-DSS penetration test provides a complete solution for meeting Req 11.3 of the PCI-DSS: it effectively tests your IT network infrastructure and makes sure your organisation is genuinely secure against cyber threats and meets the letter of the PCI-DSS.

Pricing is by the number of IP addresses within the Card Holder Environment.



Our PCI-DSS penetration test aims to identify vulnerabilities within your Card Holder Environment as well as your adjacent networks that could be used to breach your network and provide access to the CDE to unauthorised individuals. Your system will be reviewed for vulnerabilities to identify any weaknesses that could allow an attacker to compromise the network, the data stored on it or the devices hosted on it. Our PCI-DSS penetration testing service meets the letter of Requirement 11.3 of the PCI-DSS and follows the PTES (Penetration Testing Execution Standard) methodology to CREST standards.

This approach emulates the techniques of real attackers, using the same tools as the attackers as well as a number of in-house developed tools. This enables a full assessment of the scoped infrastructure, including the key components of the web applications and supporting infrastructure.

Why you need to test

Infrastructure- and application-related vulnerabilities within the CHE (Card Holder Environment) as well as the adjacent administration and support networks tend to arise from poor hardware and software configurations, ineffective system configuration parameters and weak security system controls. Exploiting a vulnerability allows an attacker to gain control in a privileged state and access resources on the network.

The PCI-DSS (Payment Card Industry Data Security Standard) requires all merchants who accept card payments to undergo a penetration test at least annually and after any significant change. In order to remain compliant, merchants must be tested.


Our PCI-DSS penetration tests will help you:

  • Gain real-world insight into your vulnerabilities;

  • Comply with Requirement 11.3 of the PCI-DSS;

  • Identify any patches that need to be installed;

  • Reconfigure software, firewalls and operating systems; and

  • Identify needs for encryption or more secure protocols.

How it works

Our PCI-DSS penetration testing process is as follows:

  • Once you have placed an order, a review meeting is held by the assigned penetration tester and our CEO to ensure we are going to test to a sufficient level.

  • We will schedule and hold a scoping call with you to establish the exact extent of the testing exercise. This is where we will also discuss the extent of authenticated testing. We will run through your CHE and how it interacts with the rest of your business to ensure that everything needed for compliance is in scope.

  • A series of automated vulnerability scans.

  • A range of manual tests using a methodology closely aligned with the PTES.

  • Extensive Network Segmentation Testing will be performed.

  • Immediate notification of any critical vulnerabilities to help you act quickly.

  • A detailed report that identifies and explains the vulnerabilities and their impact to your organisation.

  • A list of recommended countermeasures to address any identified vulnerabilities.

  • An executive summary that explains what the risks mean in business terms.


  1. The price is by blocks of IP addresses.

  2. Expenses related to travelling, etc. are not included in the price.

  3. On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.

  4. The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).

Require a more in-depth penetration test?

We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting advanced exploitation of the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.

Why choose us?

Penetration tests should only be carried out by experienced testers with the necessary technical skill set and qualifications. Our penetration testers have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.

Our penetration testers are OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert) and CREST (Certified Register of Ethical Security Testers) certified. Our penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your web application has been reviewed by experienced testers in line with your business requirements.
