Pentesting UK FAQs

I use Worldpay and they require me to have quarterly scans carried out, but none of the companies they recommend have come back to us. Would you be able to help with this?

We can set this process up for you, and have a solution that is suitable for the smaller merchant and a competitive price.

I need to have use an Approved Scanning Vendor (ASV) for my PCI compliance, what is this and can you help with this?

An Approved Scanning Vendor (ASV), for example, is a service provider that is certified and authorised by the Payment Card Industry (PCI) to scan payment card networks. We are able to assist with this for PCI compliance and partner with an ASV provider for this service. The PCI Report can be then be provided in PDF and submitted to the acquiring bank for the merchant.

The IT company I use have suggested that they carry out Pentests and vulnerability scans for me, is it better to seek an independent test rather than them review their own work?

An independent internal and/or external penetration test will provide you with independent assurance that your systems and data are protected and not vulnerable. It is always advisable to get a third party to carry this out for you otherwise it is like marking your own homework.

Will a vulnerability scan identify if I have an intruder within my network?

A vulnerability scan will identify where the weaknesses are in your systems that an intruder would be able to use to gain access.

What information will a vulnerability scan report give me?

The report will identify the severity of any vulnerabilities and we will be able to advise you which need immediate action, and what actions you need to take. The report will show what information an intruder will be able to collect, how sensitive that information is to exploit such as security settings, file contents, or even gain full access by escalating privileges and compromise your entire network.

How much does a penetration test cost?

There is no one size fits all for this as it depends on the scope and your individual requirements.  However, an external scan of a single IP address can cost as little as £100 + VAT per quarter.

If you identify a vulnerability can you help me resolve it?

We will be able to provide you with a full report which will highlight the vulnerabilities and next steps to remediate them, and then we will carry out a retest once you have resolved the issue, often within the price of the original test.

Your question not answered? Contact us now...