Penetration Testing for my Network

Posted on 2014-08-11
Last Modified: 2014-08-20
I have a small network that is in need of PCI compliance

and need to have a penetration test done.

Looking for help with this service and also whether they have a reseller program.

Question by:Joseph Salazar

    Expert Comment

    by:Gareth Tomlinson CISSP
    Where are you based?

    Expert Comment

    by:madunix
    is one, they are good and recommended by many payment gateways

    Accepted Solution

    A service from a CESG CHECK, CREST, PCI QSA & PCI ASV approved company is worth thinking about - below are candidates

    Tool-wise, for a self-run check, has a PCI template per se to guide you if you need a self check,
    e.g. recommends QualysGuard (vulnerability test tool)

    Note that for PCI DSS compliance you MUST run quarterly audits. If you store CC data you should be compliant - even if not accessing it directly (PCI compliance is required for handling of CC data; this includes storing/transmitting). Hence it may be worth engaging a service on a long-term basis as a more cost-effective means ... else build an internal team, for which time and resources may not be favourable.

    The scope of a vulnerability mgmt service should minimally include a process to review reports, analyze results for false/true positives, define actionable items, prioritize items, determine remediation/mitigation paths for each item, etc.

    Of course there are more candidates with the tool,

    but it is good to note the below

    3. How much do scanning services cost?
    ControlScan: "Scanning services can range from $15 to $40 a month. One thing to keep in mind is that becoming PCI Compliant is more than just a scan. The PCI DSS is a set of 12 requirements that focus on specific areas of security. When evaluating which scanning vendor to use, do not assume that because you purchase a less expensive PCI scan that you are compliant."

    SecurityMetrics: "Most merchants will pay $139.99 per year for full service PCI quarterly scanning and remediation help on all issues related to compliance including security policies and questionnaire assistance. The price is reduced as the IP count increases."

    Assisted Solution

    by:Rich Rumble
    You need to have a 3rd-party, PCI-accredited scanning company do a quarterly scan. The PCI Council site has a list of approved vendors.
    Make sure you are in fact bound by PCI, however; many companies think they are, but they aren't keeping the data or are redirecting to a 3rd party. Just because you allow purchases doesn't mean you are bound to PCI. I'm sure you wouldn't ask the question, but it's happened to me a few times this week alone :) If PayPal or someone else is the shopping cart for your site, then the compliance is mostly on them, the 3rd party.

    Author Comment

    by:Joseph Salazar
    Hashemite, we are in Orange County

    Assisted Solution


    Author Closing Comment

    by:Joseph Salazar
    Wow!!!! Lots to choose from.

    Thank you everybody.

