PCI DSS Requirement 11.3 addresses penetration testing, which is different from the external and internal vulnerability assessments required by PCI DSS Requirement 11.2. A vulnerability assessment simply identifies and reports noted vulnerabilities, whereas a penetration test attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible. Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications, and should occur from both outside and inside the network.
This is exactly what AVDS does. It specifically attempts to exploit vulnerabilities using carefully crafted inputs that reveal their actual presence without making any changes to or injecting any payload into the target application or device. AVDS tests network and application layers as well as the controls and processes used by networks and applications. It tests from outside the network and from within the network.
Typical Vulnerability Assessment solutions do not satisfy penetration testing requirements. They almost universally check for the current version number as reported by each host, and deduce vulnerabilities based on version. As noted in the introduction above, this does NOT determine whether unauthorized access or other malicious activity is actually possible.
beSecurity delivers fast and cost-effective PCI compliance scanning. Our network vulnerability system, beSECURE, scales from doing PCI scanning of just a single domain to scanning an international network with hundreds of thousands of IPs. beSECURE is CVE certified and meets reporting requirements for all financial, medical and government security standards. Check our PCI Compliance FAQ for more answers to your questions.
beSECURE is the one Vulnerability Assessment product you need to comply with PCI scanning and the testing of all your internal and external equipment and applications. beSECURE provides real-time scanning and reporting to rapidly identify your most serious vulnerabilities. Then once every quarter beSecurity will produce the PCI ASV report that documents your compliance with the PCI DSS. Using the same system for both routine reporting and PCI compliance reporting avoids surprises. Know before you get your quarterly PCI compliance report that you meet the PCI Data Security Standard.
beSECURE was designed from the top down to be easily managed, accurate and efficient. Setup is fast; beSECURE requires no installation of clients and it automatically finds, documents and tests everything that ‘speaks IP’.
Using its own proprietary library of tests, beSECURE reveals the presence of security weaknesses in equipment and applications without any disruption of service. beSECURE is specifically designed to have the lowest possible rate of false positives, saving you from chasing up non-existent issues.
AVDS can be run quarterly, monthly or even weekly on frequently changing services like web servers and web applications. New hosts are immediately detected and tested, changes that create weaknesses are promptly discovered, and newly announced vulnerabilities are added to the test library daily.
AVDS is designed to be run by any competent network admin. It is highly automated, and its ease of use, accuracy of tests and short, to-the-point reports encourage compliance.
A typical AVDS installation can be purchased outright for the cost of one comprehensive penetration test. In future years, this can yield great savings.
AVDS is designed to scan entire networks quickly and its licensing model encourages broad use.