Vulnerability scanning

Scanning your infrastructure for vulnerabilities

ASV-scanning according to PCI DSS Standard

Check your infrastructure

Vulnerabilities can cause serious and large-scale consequences for your organization. Vulnerability scanning will identify the weak points in the IT infrastructure and allow you to manage them effectively.


AAA can provide you with the one-time vulnerability scanning of your infrastructure or provide vulnerability scanning as a service on regular basis.

Standards recommendations and requirements

PCI DSS requirements

11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).

There are three types of vulnerability scanning required for PCI DSS:

  • Internal quarterly vulnerability scanning by qualified personnel (use of a PCI SSC Approved Scanning Vendor (ASV) is not required);
  • External quarterly vulnerability scanning, which must be performed by an ASV;
  • Internal and external scanning as needed after significant changes.

Requirements of ISO 27001 and Regulation Act #95 of National Bank of Ukraine

А.12.6.1 Management of technical vulnerabilities

Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

How we are working

Using two vulnerability scanners simultaneously to reduce false negative

ASV-scanning of external perimeter according to PCI DSS

External and internal perimeter scanning (with/without authentication)

Web-application smart scanning (with authentication and scanner learning)

Our clients

Our certifications

Our tools

Order a vulnerability scan

ASV scan