PCI-DSS Penetration Testing

PCI-DSS penetration testing is performed for merchants of all PCI-DSS levels by our OSCP-qualified penetration testers. Hedgehog Cyber delivers leading-edge infrastructure penetration testing for service providers, as well as for the clients that use these services, as a core part of our penetration testing offerings.

We have been performing PCI-DSS penetration testing since our very first days. That's 10 years of testing experience across all of the levels of merchants. PCI-DSS penetration testing combines many different facets of testing. The key benefits of using Hedgehog for your PCI-DSS penetration test are our combined experience, increased technical assurance, and a better understanding of the attack surface that your systems are exposed to. PCI-DSS environments can be tricky to test. Whether they are physical or virtual platforms, they are prone to security misconfigurations, weaknesses, and security threats. Hedgehog can help rapidly test these and prove your compliance.

We start every engagement the weekend before the technical kickoff date by running an in-depth intelligence gathering exercise (often called OSINT). When we arrive on site, we will conduct extensive reconnaissance of your Cardholder Data Environment (CDE) as well as your connected administrative and user networks. We will assess the security of your wireless networks where it is possible to connect from the wireless network to one of your CDE-connected networks.

Proving segmentation is an important part of every PCI-DSS penetration test, especially where segmentation has been used to reduce the scope of PCI in your business. We test segmentation from the CDE to all your networks and then conversely from all connected networks and non-connected networks to your CDE. This way you have definitive proof of segmentation.

PCI-DSS Penetration Testing Quote

Use our online quote generation service to design and build your perfect penetration test and receive a formal quote within hours, not days.

What is a PCI-DSS Penetration Test

A penetration test is a type of cyber security assessment designed to identify, exploit and help address vulnerabilities.

PCI DSS penetration testing is designed to include assessment of network infrastructure and applications from both outside and inside an organisation’s network environment.

What needs to be tested?

PCI DSS penetration testing must be performed on an organisation’s complete cardholder data environment (CDE) and include any systems which may impact the security of the CDE.

A PCI pen test will help to identify:

  • Unsafe system and network configurations
  • Improper access controls
  • Rogue wireless networks
  • Common coding vulnerabilities such as cross-site scripting (XSS) and SQL injection
  • Broken authentication and session management
  • Encryption flaws

Why Hedgehog?

We are a CREST accredited and award-winning provider of penetration testing services.

Our ethical hacking engagements, including network penetration testing and web application testing, help organisations to achieve PCI DSS pen test standards by identifying weaknesses that could enable card payment details to be compromised by criminal attackers.

Threats for 2020

  • Unauthorised Access
  • Insecure Interfaces and APIs
  • Misconfiguration
  • Account Hijacking
  • Data Leakage
  • Malicious Insiders
  • Malware

Need PCI DSS penetration testing?

Contact our expert team today to discuss your requirements
