Penetration Testing

The PCI DSS standard requires that a penetration test be undergone annually or following a significant change to your network.

What is a penetration test?

From a PCI DSS perspective it is important that a hacker cannot get access to card information on your computer systems. A penetration test examines the security of a computer system or network by subjecting it to tests similar in nature to those performed by real world hackers. The process involves an assessment of the system for any weaknesses, technical flaws or vulnerabilities.

What is the difference between PCI DSS Scanning & Penetration Testing?

Sysnet is an approved PCI DSS scanning vendor (ASV) for the PCI DSS and can carry out scanning for you in line with specific PCI council guidelines. However a Sysnet penetration test goes beyond the automated and strict guidelines of PCI DSS scanning. PCI DSS scans are non-intrusive inspections that simply evaluate your network perimeter security for vulnerabilities. Penetration testing takes the process further and involves an exploration of the all security features of the system in question, followed by an attempt to breech security and access the system. While scanning uses the basic automated tools of a hacker for revealing vulnerabilities, penetration testing adds the mind and resourcefulness (the human element) of the hacker for exploiting these vulnerabilities.