Penetration Testing & Security Audit Compliance
The ultimate test of server security is a penetration test (or pentest). No other practice better simulates the real-world scenario of being targeted by hackers, and no other preventative measure protects you more effectively against real-world threats. Whether you need black box, white box or gray box testing, ServerScan can provide a professional and thorough penetration test for your company that will not only prove your compliance with data security standards (DSS), but will grant you and your customers confidence in the security of your site.
We are staffed with certified testers including CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker). Our seasoned penetration testing team will investigate your systems with the most comprehensive array of security tests available. Enlist our trusted professionals to methodically inspect your systems for potential vulnerabilities and provide recommendations to resolve the weaknesses identified.
Isn’t my quarterly ASV scan enough?
Vulnerability assessments are not only required by the PCI DSS, but they are also a great way to check your system for possible weaknesses. Penetration tests, also required by the PCI DSS, will prove whether or not your system can actually be exploited. Assessments give you ideas about what to fix or patch and can help you on the road to a more secure environment, but a penetration test will be the absolute and realistic test of the security of your system. Penetration testing will show you exactly how an attacker could get in based on your current configurations. We also offer remediation of any vulnerabilities discovered, which will ensure that attacks can’t happen by means of the discovered vulnerabilities.
Base Price: Up to 32 IP addresses (internal + external), no applications - $6,500
Additional IP addresses (internal + external), per 32 - $1,200
Internal Penetration Test surcharge - $2,700
First Web Application - $2,200
Additional Web Applications - $1,200
Some important changes were made to the PCI security standards from version 2.0 to 3.0, and those changes are still in effect for version 3.1. They include changes in the penetration testing policy. Annual internal and external pentests are now required in order to better protect your environment. Previously, external penetration tests were sufficient to meet the requirements. Internal penetration testing allows the tester some kind of authorized access or starting point within the internal network. Insider attacks can potentially be much more damaging because anyone on the inside already has basic knowledge of what might be important in that specific network. This test will give additional security to your system as vulnerabilities are identified and solutions are implemented. In most cases, our certified professionals can send you a host to plug into your internal network in order to perform internal scans and tests remotely. Should you have any vulnerabilities, we also offer remediation testing to validate any fixes implemented for previously identified vulnerabilities.
We Hear You
We promise you that when ServerScan performs penetration tests on your system, you can rest at ease. We will protect your data during testing. Our certified specialists will sign an agreement saying that should they come across anything protected, they will treat it as such. Additionally, if during the penetration test automated scanning or any other method should be needed that could potentially slow down a server, our specialists will notify you and ask permission before launching those tests. If you need the tests to be performed during off or low-traffic hours, we are happy to accommodate your requests.
Not sure what you need?
We offer consulting with one of our security professionals on a variety of topics including hacking remediation, PCI scoping, security consulting and more.
$80-$160/hour, depending on what kind of consulting you need.
As with all services offered by ServerScan, we are passionate about providing you the absolute best value for your money. Included with all ServerScan Penetration Testing services, you get one year of ServerScan PCI Scanning Services for up to five IP addresses. Secure your systems and meet your PCI compliance requirements with one simple solution.
You might still have questions. We understand that you may have never thought about penetration testing, much less scheduled one. That’s why we want you to contact us. Please email us or give us a call so we can clarify any questions you may have, and help you on your way to PCI compliance.
Call ServerScan to get a penetration test quote customized to your environment today! (801) 852-2337
*Each agreement will be different due to nuances in scope, but if your time frame is flexible, these are basic pricing guidelines.