PCI DSS Compliance
The twelve requirements of the Payment Card Industry Data Security Standard (PCI DSS) include a number of mandatory testing requirements. In outline these are:
- Quarterly Requirement:
  - Requirement 11.1 - Test for the presence of wireless access points
  - Requirement 11.2 - Internal and external network vulnerability scans
- Annual Requirement:
  - Requirement 6.6 - Web application vulnerability testing
  - Requirement 11.3 - External and internal penetration tests annually and after any significant infrastructure or application upgrade or modification (including network-layer and application-layer tests)
commissum is able to provide a full range of services to cover all PCI DSS testing and scanning requirements. The standard prescribes that annual testing of applications and infrastructure must be conducted by personnel who are “organisationally separate from the management of the environment being tested” and “qualified”. As a long-standing independent provider of penetration testing services and a CREST member company, commissum is ideally placed to fulfil the stringent requirements of PCI DSS for any organisation seeking compliance with the standard.
“We have been working with commissum for over five years on both rolling service contracts and ad hoc projects. We've found them extremely helpful and flexible in tailoring services to meet our requirements which, owing to the nature of our business, change frequently at short notice. Their staff are always professional, friendly and a pleasure to work with.”
Mark S, Head of IT - National Television Broadcaster


