PCI Penetration Testing

PCI penetration testing and compliance

A PCI penetration test refers to penetration testing that needs to be carried out for those companies who are required to be PCI DSS compliant and will be specific to an organisation’s Cardholder Data Environment (CDE). Penetration testing forms part of requirement 11.3 of the PCI DSS and for some organisations, PCI penetration testing is a mandatory requirement on a yearly basis.

7Safe has built up a very strong understanding of the PCI penetration testing requirements and of how organisations are compromised when access to the CDE is gained (please see our Security Investigations and Assessments team). Our penetration testing team and PCI consulting team (QSA) both fit into 7Safe’s Information Security Consulting delivery structure and thus work very closely together, which we find is tremendously valuable to our customers. For example, during a PCI audit, our PCI consultants will know that the correct CDE scope for penetration testing will have been defined and that the correct series of tests and therefore controls will be in place.

We also work for clients that source PCI consultancy elsewhere. Our detailed knowledge of the Standard serves our clients well in that we can still correctly scope the CDE and therefore the scope of penetration testing.

During PCI penetration testing, 7Safe’s consultants also deploy our 7Seec PAN (Primary Account Number) scanning tool to establish the presence of unencrypted / unprotected PANs, which clearly are a breach of the PCI requirements. This adds incredible value in that we wish to ensure all efforts to protect the PAN are undertaken to avoid a PCI breach (and therefore the need for a Qualified Forensic Investigator investigation).

Clearly the Standard also highlights the issues of secure code development and review which is a service that 7Safe’s penetration testing and application testing team provide.

PCI DSS Standards Council

Scanning for Primary Account Numbers (PANs) with 7Seec


PCI Primary Account Number (PAN) Scanning Discovery Service

Do you need to search for unencrypted credit card holder data on your live corporate server and desktop hard drives due to PCI compliance requirements?  It is hard to know where to start. 

That’s why 7Safe developed the 7seec unencrypted PAN search discovery service.

PCI Scanning on servers and desktops to search for Primary Account Numbers or PAN data

Our experienced PCI consultants use 7Safe’s own bespoke 7seec credit card scanning engine to find unencrypted cardholder data.  The service is tailored to your requirements as we run scans across your systems, then use powerful post-scan filtering and the experience of our PCI experts to eradicate false positives to provide you with a valuable report.

We find credit card data at tremendous speed. The scanning technology we use is also “forensically sound” in that it does not alter data. This is because 7seec was designed from 7Safe’s work in credit card security breach investigations on behalf of Visa and Mastercard.  7Seec finds PANs (Primary Account Numbers based on the Luhn algorithm with false positive checking) and Track 1 & 2 data and utilises a list of valid card numbers.

Entire raw disk/Partitions/FileSystem (inc NTFS)/Folders/Individual Files/OS areas (files hidden from OS)/ Deleted file space/Restore Points/Alternate Data Streams/Locked Files/NTFS images (i.e. Forensic copies).

All text files as well as databases, Exchange databases (edb), MS Office files (Word, Excel, PPT- both new and old formats), Outlook PST email, WinZip32, uncompressed PDFs.

The 7seec service doesn’t alter document metadata & the service is used on many OS types including Windows, Mac, Solaris and other *NIX.
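As an added illustration of the Luhn-based PAN detection with false-positive checking and Track 2 recognition described above (this is not 7Seec's code, which the page does not show), the sketch below scans text read-only and reports masked findings. The function names, the deliberately small brand prefix table and the sample input are assumptions made for the example.

```python
import re

# 13-19 digits, optionally grouped by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# Track 2 layout: ';' PAN '=' YYMM expiry, 3-digit service code, data, '?'.
TRACK2 = re.compile(r";\d{13,19}=\d{4}\d{3}\d*\?")
# Illustrative prefix/length table (assumption: deliberately not exhaustive).
BRANDS = [
    ("visa", re.compile(r"4\d{12}(?:\d{3})?$")),
    ("mastercard", re.compile(r"5[1-5]\d{14}$")),
    ("amex", re.compile(r"3[47]\d{13}$")),
]

def luhn_ok(digits):
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Report only the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(text):
    """Return masked findings; the input is only read, never modified."""
    findings = []
    for m in CANDIDATE.finditer(text):
        pan = re.sub(r"[ -]", "", m.group())
        brand = next((n for n, rx in BRANDS if rx.match(pan)), None)
        if brand is None or not luhn_ok(pan):
            continue  # false positive: wrong prefix/length or bad checksum
        in_track2 = bool(TRACK2.match(text, max(m.start() - 1, 0)))
        findings.append({"offset": m.start(), "brand": brand,
                         "pan": mask(pan), "track2": in_track2})
    return findings

# Constructed sample input using published test card numbers.
SAMPLE = (
    "order ref 1234567812345670 shipped\n"          # Luhn-valid, no card prefix
    "card: 4111 1111 1111 1111 exp 12/25\n"         # Visa test number
    "typo 4111111111111112\n"                       # fails Luhn
    "swipe ;5555555555554444=25121010000000000?\n"  # constructed Track 2
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The order reference in the sample passes the Luhn check but is dropped by the prefix table, which is why a checksum alone is not enough to keep false positives out of a report.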

Although our consultants use the 7seec command line version, we have also developed a basic GUI for demonstration purposes, which can be seen in the short video below.


Database Penetration Testing Security Experts

7Safe's security testing of databases including Oracle, SQL Server, MySQL

Database penetration testing is often an extremely overlooked component of an organisation’s security and hence possibly the most vulnerable. And of course, the database is also the location in which vast and rich amounts of data may reside. 7safe’s database penetration testing consultants analyse the security of the database from a number of perspectives, including:

  • Attacks coming from internal users (authenticated and un-authenticated access)
  • Security of the data within the database (e.g. encryption/hashing techniques used for storing sensitive data)
  • Database hardening and security

Over the years and through our application security penetration testing programme, 7safe has developed extensive experience with the following database products:

  • Microsoft SQL Server (all versions)
  • Oracle Database (all versions and all platforms)
  • MySQL Server (all versions and all platforms)

Oracle Database Security White Paper

7Safe’s Principal Security Consultant, Sumit “Sid” Siddharth, speaks to CEO Alan Phillips about hacking Oracle via web applications here. Our white paper “Hacking Oracle from the Web: Exploiting SQL Injection from Web Applications” can be located here.
