Industry recognitions we have earned
Provensec maintains a key focus on PCI DSS requirements via our easy PCI service. We are well known in the industry for our security research and penetration testing expertise. Our pen test services help you secure data and comply with various PCI requirements.
Our team is fully equipped with the right knowledge of PCI DSS requirements to help you achieve the right scoping, execution and aftercare results and satisfy PCI penetration testing requirements.
If you are facing a short deadline and need a quick turnaround time, you are in the right place. Our clients love our flexible and personalized service. Drop us a mail and relax!
We are not just another penetration testing company. We have our proprietary Vulnerability Management Technology that enables us to find more, do more, and deliver more.
Want PCI ASV Scans for FREE?
Become a Provensec client and get exactly that. We partner with multiple vendors and use economies of scale to dramatically lower your costs. Then we manage your scans and also provide a portal for downloading the Certificate for Quarterly Compliance.
Our PCI testing process strictly follows the guidance provided by PCI SSC. The objective of the test is to see how an attacker could jeopardize the confidentiality and integrity of cardholder data.
We start by agreeing on the scope and rules of engagement, which include the success criteria.
Once the scope and success criteria are agreed upon, we start testing using the OWASP methodology, which touches upon the application, network and server layers of your IT infrastructure.
Once the test is completed, a report will be delivered which explains the results and includes SMART actions to fix identified findings.
The testing execution will include the following aspects of your IT infrastructure:
Application Layer: As mentioned in Section 2.3 of PCI SSC guidance, we will perform testing from the perspective of the defined roles of the application. We strongly encourage our clients to supply credentials to allow the tester to assume the required roles. This will allow the tester to determine if, at any given role, the user could escalate privileges or otherwise gain access to data they are not explicitly allowed to access. In instances where a web application utilizes a backend API and the API is in scope, we test the web application and the API independently.
Network Layer: Because the network layer uses a standard mode of interaction, we use automated tools to conduct the test and then verify the results manually. This verifies whether the cardholder data environment (CDE) has efficient and effective network controls.
Segmentation test: The segmentation check is performed by conducting tests used in the initial stages of a network penetration test (i.e., host discovery, port scanning, etc.). We verify that isolated LANs in the agreed scope do not have access into the CDE.
Client Testimonials