PCI DSS vulnerability scans

Official ASV (Approved Scanning Vendor) scanning

Quarterly ASV scanning is a mandatory element of every PCI DSS report, regardless of the level of the merchant or service provider. We offer an official ASV scanning service with the technical involvement of our strategic partner, Qualys Inc.

The ASV scanning service covers the following:
  • Official ASV scans performed quarterly, technical consultancy
  • Official ASV scan report issued by Qualys Inc.
  • Recurring and ad-hoc scans based on the required term and after major network changes
  • Performing repeat scans
Official ASV scans can only be performed by an official ASV company. According to the PCI DSS requirements, quarterly ASV scanning is mandatory regardless of the level of the merchant or service provider.

Internal vulnerability scanning

The internal vulnerability scan (IVS) is performed on the pre-defined network devices and IP addresses by a scanner appliance temporarily installed in the customer’s internal network.

The IVS scanning includes the following services:
  • Exploration of the complete network topology
  • Detection of wireless access points and unauthorized devices
  • Scanning of pre-defined IP addresses
  • Proposals for the elimination of security deficiencies
According to PCI DSS, each PCI entity must perform a vulnerability scan of the internal devices of the Cardholder Data Environment (CDE) quarterly or after any significant network changes.

Web application scans

Web application scanning extends to every web application that is publicly accessible and participates in any way in storing, processing or transmitting cardholder data.

The web application scanning service covers the following:
  • Web application scanning
    • SQL Injection vulnerabilities
    • Cross-Site Scripting (XSS) errors
    • Directory traversal
    • Website resource protection
    • Server script errors
    • URL redirection errors
  • Examination of the web application authentication
  • Detailed report about the result of the scanning
According to the PCI DSS requirements, web application scanning is mandatory on an annual basis.

Penetration tests

The aim of the penetration tests is to detect vulnerabilities in the system that a potential malicious attacker could exploit to obtain, modify or destroy cardholder data, or to damage the customer’s IT infrastructure in some way.

The penetration test service includes testing of the publicly accessible points and crucial internal system components at network and application level. During the examination our technical expert does not execute any attacks that could threaten the operation of the scanned system.

As a result of the test, we deliver an extensive summary of the detected threats and technical proposals for eliminating them.

The penetration tests are executed by the professionals of our penetration testing specialist partners.

Performing a penetration test is mandatory at least once a year according to PCI DSS regulations.

© AperSky Consulting Llc.