Conducting a pentest
To comply with PCI DSS, it is necessary to conduct a penetration test according to the requirements of sections 11.4.2-11.4.3, 11.4.6 of the PCI DSS 4.0.1 standard.
Report on internal and external penetration tests
Report on penetration tests for segmentation control
-
Good day!
I have certification and significant experience in conducting penetration tests for PCI DSS compliance. I perform the full cycle of work according to the requirements of the PCI DSS 4.0.1 standard (sections 11.4.2-11.4.3, 11.4.6).
Scope of work:
1. Internal penetration test
- Testing from the internal network level
- Checking CDE systems and adjacent segments
- Identifying vulnerabilities in the internal infrastructure
- Detailed report with all identified issues, CVSS ratings, and recommendations
2. External penetration test
- Testing external entry points (web applications, APIs, VPN)
- Checking external interfaces from the internet
- OWASP Top 10 testing
- Report with Proof of Concept and step-by-step reproduction instructions
3. Penetration test for segmentation control
- Validation of network segmentation effectiveness
- Checking isolation of CDE from non-CDE segments
- Testing firewalls and network ACLs
- Architecture diagram and report on segmentation status
Methodology:
- Use of standardized methodologies (OWASP, PTES, NIST)
- Detailed documentation of all identified vulnerabilities
- Risk assessment considering impact on CDE
- Specific recommendations with remediation priorities
Result:
- 3 complete reports according to PCI DSS requirements
- Executive Summary for management
- Detailed technical documentation for the IT department
- Remediation plan with timelines and priorities
- Consultation during vulnerability remediation
I guarantee quality execution, full compliance with PCI DSS requirements, and support during the audit.
-
Good hour, I can do this. Please provide a more detailed specification in private messages. I hope for cooperation.
-
Hello. What, physically, is the thing that needs to be tested?