Vulnerability scanning
Scanning your infrastructure for vulnerabilities
ASV-scanning according to PCI DSS Standard
Check your infrastructure
Vulnerabilities can cause serious and large-scale consequences for your organization. Vulnerability scanning will identify the weak points in the IT infrastructure and allow you to manage them effectively.
AAA can provide you with the one-time vulnerability scanning of your infrastructure or provide vulnerability scanning as a service on regular basis.
Standards recommendations and requirements
PCI DSS requirements
11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
There are three types of vulnerability scanning required for PCI DSS:
- Internal quarterly vulnerability scanning by qualified personnel (use of a PCI SSC Approved Scanning Vendor (ASV) is not required);
- External quarterly vulnerability scanning, which must be performed by an ASV;
- Internal and external scanning as needed after significant changes.
Requirements of ISO 27001 and Regulation Act #95 of National Bank of Ukraine
А.12.6.1 Management of technical vulnerabilities
Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.
How we are working
Using two vulnerability scanners simultaneously to reduce false negative
ASV-scanning of external perimeter according to PCI DSS
External and internal perimeter scanning (with/without authentication)
Web-application smart scanning (with authentication and scanner learning)
Our clients
Our certifications
Our tools
