Compliance-Driven Testing
PCI DSS mandates annual penetration testing of your cardholder data environment. Third Eye Security delivers thorough assessments that satisfy Requirement 11.3 and give your QSA the evidence they need.
PCI DSS Requirement 11.3 mandates that organisations perform internal and external penetration testing at least annually and after any significant infrastructure or application change. The test must cover the entire cardholder data environment (CDE), including network infrastructure, web applications and segmentation controls.
PCI DSS v4.0 has strengthened penetration testing requirements, including the need for a defined methodology, testing of all in-scope systems, and validation that segmentation controls are effective at isolating the CDE from out-of-scope networks.
How We Help
We scope our testing precisely to your cardholder data environment, ensuring all in-scope systems, applications and network segments are thoroughly assessed.
We validate that your network segmentation controls effectively isolate the CDE from out-of-scope networks - a critical requirement that many organisations struggle with.
PCI DSS Requirement 6.6 requires web application security assessments. Our testing covers OWASP Top 10 and business logic vulnerabilities specific to payment applications.
Our reports are formatted to meet QSA expectations, with clear mapping to PCI DSS requirements and evidence of control effectiveness for your Report on Compliance (RoC).
For organisations using SoftPOS / Mobile Payments on COTS, we also provide testing aligned to PCI MPoC requirements - covering the 192 security conditions for mobile payment acceptance solutions.
Let us help you meet Requirement 11.3 and protect your cardholder data environment.