Penetration Testing

The Payment Card Industry (PCI) Data Security Standard (DSS) requires an annual onsite audit for Level 1 merchants or service providers.

The PCI onsite audit requires a penetration test be conducted against servers connected to the cardholder environment.

SecurityMetrics Penetration Tests employ the most current attack methodologies. SecurityMetrics ensures each Penetration Test Report includes the following sections:

  1. Target Profile
    A list of all pertinent data about your systems is collected from public sources -- primarily the Internet. Some of this information can be particularly useful to an attacker. We'll obtain the data, list it in your report and discuss the implications.
  2. Target Enumeration
    Ports are scanned and all software services running on the target systems are identified.
  3. Target Research
    Once the software services on the target systems are identified, weaknesses are manually researched. The manual research results are listed in the report and are used as a basis for the attack.
  4. Target Penetration
    Now the penetration tester attempts to compromise the target systems to determine the extent of the security weaknesses.
  5. Target Analysis
    A concise report is created detailing the results of the penetration test and any successful compromises or system weaknesses.

If you wish to obtain more information or a price quote please contact a SecurityMetrics Strategic Accounts Representative at (801) 705-5656 or by email at consulting@securitymetrics.com.