Hey, I have a good read about PCI DSS compliance and for what does it need.
Here you can find the information http://scanforsecurity.com/pci-dss-why-do-you-need-it-and-how-does-it-works/
Do you know, that PCI DSS mostly requires vulnerability assessment and not pentesting? And that's it! If you want to have really secure environment than you need to combine both VA and pentests.
VA need mostly for compliance (just to check out some critical vectors) and for real security you will need pentests.
Nov 16th 2016
3 years ago