In-house Penetration Testing for PCI DSS

Many organisations are struggling with the rigorous security requirements that PCI DSS places on those that are storing, processing and transmitting credit card data. One of the tasks that can be difficult to comply with, and costly to outsource, is penetration testing. PCI DSS requires that an organisation perform internal and external penetration testing at least annually and after any significant changes to the environment. This paper attempts to ease the burden of penetration testing by providing methods and sample documents to put PCI DSS compliant penetration testing within reach of the in-house security professional.