In addition to the RoC, Level 1 merchants and service providers must undergo annual penetration testing to get and stay PCI compliant. Below are trusted companies that can perform a PCI penetration test for you.
Breachlock
Breachlock provides pen testing services that include automated web scanning, detailed penetration testing reports with compliance indicators, and fast DevOps remediation to help you continually meet compliance requirements for PCI DSS.
Cobalt
Cobalt’s team of highly vetted pen testers will not only complete a PCI pen test for you to identify vulnerabilities but will also help you fix them.
GRSee Consulting
GRSee Consulting has a comprehensive onboarding process to understand the scope of your platform’s processes and business logic to design customized pen testing that meets your specific needs and goals.
Insight Assurance
Insight Assurance’s experienced ethical hackers perform point-in-time penetration testing services to help you meet PCI compliance requirements and have peace of mind.
Moss Adams
Moss Adams can perform the annual network- and application-level penetration testing required for PCI compliance.
NetSPI
NetSPI is an offensive security company that partners with organizations to customize vulnerability management programs with a focus on penetration testing.
Prescient Assurance
Prescient Assurance uses a custom penetration testing methodology that includes all PCI testing requirements and is based on best practices from OWASP, NIST 800-115, and OSSTMM.
Red Sentry
Red Sentry’s in-house pentesters are certified industry experts with years of experience and education who can deliver accurate and actionable reports for any environment.
Software Secured
Software Secured offers 360 penetration testing, a comprehensive security test that helps you meet the requirements of PCI DSS as well as SOC 2, ISO 27001, and HIPAA.