Penetration Testing & Security Audit Compliance

The ultimate test of server security is a penetration test (or pentest). No other practice better simulates the real-world scenario of being targeted by hackers, and no other preventative measure protects you more effectively against real-world threats. Whether you need black box, white box or gray hat testing, ServerScan can provide a professional and thorough penetration test for your company that will not only prove your compliance with data security standards (DSS), but will grant you and your customers confidence in the security of your site.


Experienced Professionals

We are staffed with certified testers including CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker). Our seasoned penetration testing team will investigate your systems with the most comprehensive array of security tests available. Enlist our trusted professionals to methodically inspect your systems for potential vulnerabilities, and provide recommendations to resolve weaknesses identified.

Pricing Guidelines*

Base Price: Up to 32 IP Addresses (internal + external) - $6,500
Additional IP Addresses (per 32) - $1,200
Internal Penetration Test - Included In Base Price
First Web Application - $2,200
Additional Web Applications - $1,200

Scheduling Guidelines

Most penetration tests start within five business days of the time you reach out to us and terms are agreed to. We may require additional lead time if other tests are queued ahead of yours. Tests usually run for two to four weeks, depending on a number of factors, including whether internal pen testing is required.

Isn’t my quarterly ASV scan enough?

Vulnerability assessments are not only required by the PCI DSS, but they are great ways to check your system for possible weaknesses. Penetration tests, also required by the PCI DSS, will prove whether or not your system can actually be exploited. Assessments give you ideas about what to fix or patch and can help you on the road to a more secure environment, but a penetration test will be the absolute and realistic test of the security of your system. Penetration testing will show you exactly how an attacker could get in based on your current configurations. We also offer remediation of any vulnerabilities discovered which will ensure that attacks can’t happen by means of the discovered vulnerabilities.

PCI 3.x

Some important changes were made to the PCI security standards from version 2.0 to 3.0, and those changes are still in effect for versions 3.x. These include changes in the penetration testing policy. Annual internal and external pentests are now required in order to better help protect your environment. Previously, external penetration tests were sufficient to meet the requirements. Internal penetration testing allows the tester some kind of authorized access or starting point within the internal network. Insider attacks can potentially be much more damaging because anyone on the inside already has basic knowledge of what might be important in that specific network. This test adds further security to your system as vulnerabilities are identified and solutions are implemented. In most cases, our certified professionals can send you a host to plug into your internal network in order to perform internal scans and tests remotely. Should you have any vulnerabilities, we also offer remediation testing to validate any implemented fixes to previous vulnerabilities.

We Hear You

We promise you that when ServerScan performs penetration tests on your system, you can rest at ease. We will protect your data during testing. Our certified specialists will sign an agreement saying that should they come across anything protected, they will treat it as such. Additionally, if during the penetration test automated scanning or any other method should be needed that could potentially slow down a server, our specialists will notify you and ask permission before launching those tests. If you need the tests to be performed during off or low traffic hours, we are happy to accommodate your requests.

Consulting

Not sure what you need?
We offer consulting with one of our security professionals for a variety of topics including hacking remediation, PCI scoping, security consulting and more.

$80-$160/hour - depending on what kind of consulting you need.

Best Value

As with all services offered by ServerScan, we are passionate about providing you the absolute best value for your money. Included with all ServerScan Penetration Testing services you get one year of ServerScan PCI Scanning Services for up to five IP addresses. Secure your systems and meet your PCI compliance requirements with one simple solution.

You might still have questions. We understand that you may have never thought about penetration testing, much less scheduled one. That’s why we want you to contact us. Please email us or give us a call so we can clarify any questions you may have, and help you on your way to PCI compliance.

Call ServerScan to get a penetration test quote customized to your environment today!

*Each agreement will be different due to nuances in scope. The prices on this page are meant as basic guidelines only. Only prices quoted directly to you by ServerScan staff will be considered binding.

Orders in Payment Received - These orders need to have an initial scan (starting immediately) and quarterly recurring scans (starting 3-5 days in the future) scheduled, then move to Completed. See instruction document.

Orders in Pending - These orders need to have the customer contacted by email to inform them that payment failed and their scans will be disabled in seven days if we do not receive payment. Once that happens, do the following -

Set the recurring payment in the SS order manager to 'Suspended'.

Log in to the Scan Manager and disable their scans by going to the Scan Portal > Admin > Network Assets, and deleting the zone.

Log in as the User and turn off any scheduled scans by going to the Checklist>Manage>Login as User>Scan Schedules and deleting any scans.

Move order to Non Renewed (Canceled). Do not move past successful orders to Canceled, just the current order in question.