{"id":1482,"date":"2020-11-08T09:00:00","date_gmt":"2020-11-08T09:00:00","guid":{"rendered":"http:\/\/10.24.225.70\/?p=1482"},"modified":"2026-04-09T14:14:08","modified_gmt":"2026-04-09T12:14:08","slug":"the-basics-of-penetration-testing-in-pci-dss","status":"publish","type":"post","link":"https:\/\/complior.se\/en\/the-basics-of-penetration-testing-in-pci-dss\/","title":{"rendered":"The Basics of Penetration Testing in PCI DSS"},"content":{"rendered":"<div class=\"wp-block-uagb-container uagb-block-1c95cc62 alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-627ud4 is-vertical is-layout-flex wp-container-core-group-is-layout-fe9cc265 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-kadence-advancedbtn kb-buttons-wrap kb-btns1482_8562ce-81\"><a class=\"kb-button kt-button button kb-btn1482_3b22d1-d9 kt-btn-size-standard kt-btn-width-type-auto kb-btn-global-fill  kt-btn-has-text-true kt-btn-has-svg-true  wp-block-kadence-singlebtn\" href=\"https:\/\/complior.se\/en\/resources\/\"><span class=\"kb-svg-icon-wrap kb-svg-icon-fe_arrowLeft kt-btn-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><line x1=\"19\" y1=\"12\" x2=\"5\" y2=\"12\"\/><polyline points=\"12 19 5 12 12 5\"\/><\/svg><\/span><span class=\"kt-btn-inner-text\">Tillbaka till resurser<\/span><\/a><\/div>\n\n\n\n<span class=\"kt-adv-heading1482_4bc706-07 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_4bc706-07\">Blog<\/span>\n\n\n\n<h1 class=\"kt-adv-heading1482_f48427-1e animated fadeIn wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_f48427-1e\">The Basics of Penetration Testing in PCI DSS<\/h1>\n\n\n\n<div class=\"wp-block-group animated fadeIn is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\"><div class=\"publish-date-container\">\r\n\t<svg\r\n\t\twidth=\"16\"\r\n\t\theight=\"16\"\r\n\t\tviewbox=\"0 0 24 24\"\r\n\t\tfill=\"none\"\r\n\t\tstroke=\"#4b4b4b\"\r\n\t\tstroke-width=\"2\"\r\n\t\tstroke-linecap=\"round\"\r\n\t\tstroke-linejoin=\"round\"\r\n\t\txmlns=\"http:\/\/www.w3.org\/2000\/svg\"\r\n\t\taria-hidden=\"true\"\r\n\t>\r\n\t\t<rect x=\"3\" y=\"4\" width=\"18\" height=\"18\" rx=\"2\" ry=\"2\"><\/rect>\r\n\t\t<line x1=\"16\" y1=\"2\" x2=\"16\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"8\" y1=\"2\" x2=\"8\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"3\" y1=\"10\" x2=\"21\" y2=\"10\"><\/line>\r\n\t<\/svg>\r\n\t<span class=\"date-text\">\r\n\t\tNov 08, 2020\t<\/span>\r\n<\/div>\n\n\n<h1 class=\"kt-adv-heading1482_620bd6-4f wp-block-kadence-advancedheading kt-adv-heading-has-icon animated fadeIn delay-100ms\" data-kb-block=\"kb-adv-heading1482_620bd6-4f\"><span class=\"kb-svg-icon-wrap kb-adv-heading-icon kb-svg-icon-fe_clock kb-adv-heading-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><polyline points=\"12 6 12 12 16 14\"\/><\/svg><\/span><span class=\"kb-adv-text-inner\">2 min <\/span><\/h1><\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image1482_8a43a0-30\"><img loading=\"lazy\" decoding=\"async\" width=\"1696\" height=\"954\" src=\"https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited.png\" alt=\"3 people using different navigation equipment \" class=\"kb-img wp-image-80441\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited.png 1696w, https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited-300x169.png 300w, https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited-1024x576.png 1024w, https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited-768x432.png 768w, https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited-1536x864.png 1536w, https:\/\/complior.se\/wp-content\/uploads\/2026\/04\/two-phases-05-edited-18x10.png 18w\" sizes=\"auto, (max-width: 1696px) 100vw, 1696px\" \/><\/figure>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-uagb-container uagb-block-2eeb7bfc alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-1q8sx19 is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1482_c8b1cf-aa wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_c8b1cf-aa\">What is penetration testing?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1482_e47f09-13 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_e47f09-13\">A penetration test can be described as a simulated but realistic cyberattack that aims to determine how far an attacker could penetrate a defined target environment. The main benefit is that the organization being tested gains a better understanding of its potential vulnerabilities and can develop strategies to defend against real attacks.<\/p>\n\n\n\n<p class=\"kt-adv-heading1482_1b16e1-d5 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_1b16e1-d5\">In a PCI DSS environment, the purpose is also to verify through technical testing that all 12 requirements of the standard are properly implemented. To carry out such testing, skilled professionals, often referred to as \u201cethical hackers\u201d, attempt to breach the environment using the same methods as real attackers.<\/p>\n\n\n\n<p class=\"kt-adv-heading1482_e01dd0-ec wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_e01dd0-ec\">Their goal depends on the nature of the environment and, most importantly, the value of the data being protected. The more valuable the data, the more attractive it is to attackers. This is why both the environment and the data it contains define the scope of a penetration test.<\/p>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image1482_a98117-75 size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"501\" src=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/Testing.png\" alt=\"\" class=\"kb-img wp-image-51201\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/Testing.png 500w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/Testing-300x300.png 300w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/Testing-150x150.png 150w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/Testing-12x12.png 12w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-4mh96e is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1482_7f6e44-55 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_7f6e44-55\">What does Cardholder Data Environment mean?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1482_8e1093-cf wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_8e1093-cf\">Within PCI DSS, the scope of penetration testing is the Cardholder Data Environment (CDE) and all connected systems. The PCI Security Standards Council defines the CDE as:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote blockera-block blockera-block-19ryi7r is-layout-flow wp-block-quote-is-layout-flow\" style=\"border-left-color:#0d875c\">\n<p>\u201cThe people, processes and technology that store, process or transmit cardholder data or sensitive authentication data, including any connected system components.\u201d<\/p>\n<\/blockquote>\n\n\n\n<p class=\"kt-adv-heading1482_38ef3b-0c wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_38ef3b-0c\">From a technical perspective, an attacker\u2019s primary goal is to gain access to the CDE and extract cardholder data. Therefore, testing should include:<\/p>\n\n\n\n<ul style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\" class=\"wp-block-list blockera-block blockera-block-7hlyc8 has-manrope-font-family\">\n<li>All locations where cardholder data is stored<\/li>\n\n\n\n<li>Applications that process or transmit cardholder data<\/li>\n\n\n\n<li>Network connections and access points<\/li>\n\n\n\n<li>Any relevant systems depending on the organization\u2019s size and complexity<\/li>\n<\/ul>\n\n\n\n<p class=\"kt-adv-heading1482_f607f7-3f wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_f607f7-3f\">In this context, cardholder data is the \u201choly grail\u201d of penetration testing, while gaining access to critical systems is a key secondary objective.<\/p>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image1482_6a770f-f3 size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/payment.png\" alt=\"\" class=\"kb-img wp-image-51202\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/payment.png 500w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/payment-300x300.png 300w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/payment-150x150.png 150w, https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/payment-12x12.png 12w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-g5ms5d is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1482_15ee33-66 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_15ee33-66\">Defining the scope<\/h2>\n\n\n\n<p class=\"kt-adv-heading1482_8ec222-81 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_8ec222-81\">A clear and thorough definition of scope is essential for any PCI DSS penetration test.This includes identifying where cardholder data exists, how data flows through the organization, which systems are in scope. <\/p>\n\n\n\n<p class=\"kt-adv-heading1482_e10a98-f3 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_e10a98-f3\">Defining scope is a critical task and requires more than just technical penetration testing skills. It also demands deep knowledge of the PCI DSS standard and its requirements. Without this understanding, the results of the test may not be reliable. <\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-g5ms5d is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1482_8c3939-18 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_8c3939-18\">The role of QSA and collaboration<\/h2>\n\n\n\n<p class=\"kt-adv-heading1482_11d85e-77 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_11d85e-77\">A successful PCI DSS penetration test often involves collaboration between a penetration testing team, a PCA QSA (Qualified Security Assessor).<\/p>\n\n\n\n<p class=\"kt-adv-heading1482_9b3a25-c9 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1482_9b3a25-c9\">The QSA ensures that the testing aligns with PCI DSS requirements, while the penetration testers perform the technical attack simulations. This combined effort is essential to ensure a complete and accurate assessment.<\/p>\n<\/div>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate\t\t\t<\/p>","protected":false},"author":2,"featured_media":51200,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"blogg","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":2,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_eb_attr":"","inline_featured_image":false,"_uag_custom_page_level_css":"","wpm_timeformat":"","_wpm_styles":"","footnotes":""},"categories":[118],"tags":[117,127,128],"class_list":["post-1482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogg","tag-blog","tag-pci","tag-pci-dss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Basics of Penetration Testing in PCI DSS - Complior<\/title>\n<meta name=\"description\" content=\"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/complior.se\/en\/the-basics-of-penetration-testing-in-pci-dss\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Basics of Penetration Testing in PCI DSS - Complior\" \/>\n<meta property=\"og:description\" content=\"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate\" \/>\n<meta property=\"og:url\" content=\"https:\/\/complior.se\/en\/the-basics-of-penetration-testing-in-pci-dss\/\" \/>\n<meta property=\"og:site_name\" content=\"Complior\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-08T09:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-09T12:14:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"954\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kikki Bostrom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kikki Bostrom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/\"},\"author\":{\"name\":\"Kikki Bostrom\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\"},\"headline\":\"The Basics of Penetration Testing in PCI DSS\",\"datePublished\":\"2020-11-08T09:00:00+00:00\",\"dateModified\":\"2026-04-09T12:14:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/\"},\"wordCount\":438,\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/two-phases-05.png\",\"keywords\":[\"Blog\",\"PCI\",\"PCI DSS\"],\"articleSection\":[\"Blogg\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/\",\"name\":\"The Basics of Penetration Testing in PCI DSS - Complior\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/two-phases-05.png\",\"datePublished\":\"2020-11-08T09:00:00+00:00\",\"dateModified\":\"2026-04-09T12:14:08+00:00\",\"description\":\"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#primaryimage\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/two-phases-05.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/two-phases-05.png\",\"width\":2048,\"height\":954,\"caption\":\"3 people using different navigation equipment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-basics-of-penetration-testing-in-pci-dss\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/complior.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Basics of Penetration Testing in PCI DSS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/complior.se\\\/#website\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"name\":\"Complior\",\"description\":\"Security beyond compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/complior.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\",\"name\":\"Complior\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"width\":2560,\"height\":960,\"caption\":\"Complior\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\",\"name\":\"Kikki Bostrom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"caption\":\"Kikki Bostrom\"},\"url\":\"https:\\\/\\\/complior.se\\\/en\\\/author\\\/kikki\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Basics of Penetration Testing in PCI DSS - Complior","description":"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/complior.se\/en\/the-basics-of-penetration-testing-in-pci-dss\/","og_locale":"en_GB","og_type":"article","og_title":"The Basics of Penetration Testing in PCI DSS - Complior","og_description":"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate","og_url":"https:\/\/complior.se\/en\/the-basics-of-penetration-testing-in-pci-dss\/","og_site_name":"Complior","article_published_time":"2020-11-08T09:00:00+00:00","article_modified_time":"2026-04-09T12:14:08+00:00","og_image":[{"width":2048,"height":954,"url":"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png","type":"image\/png"}],"author":"Kikki Bostrom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kikki Bostrom","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#article","isPartOf":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/"},"author":{"name":"Kikki Bostrom","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016"},"headline":"The Basics of Penetration Testing in PCI DSS","datePublished":"2020-11-08T09:00:00+00:00","dateModified":"2026-04-09T12:14:08+00:00","mainEntityOfPage":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/"},"wordCount":438,"publisher":{"@id":"https:\/\/complior.se\/#organization"},"image":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png","keywords":["Blog","PCI","PCI DSS"],"articleSection":["Blogg"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/","url":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/","name":"The Basics of Penetration Testing in PCI DSS - Complior","isPartOf":{"@id":"https:\/\/complior.se\/#website"},"primaryImageOfPage":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#primaryimage"},"image":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png","datePublished":"2020-11-08T09:00:00+00:00","dateModified":"2026-04-09T12:14:08+00:00","description":"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate","breadcrumb":{"@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#primaryimage","url":"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png","width":2048,"height":954,"caption":"3 people using different navigation equipment"},{"@type":"BreadcrumbList","@id":"https:\/\/complior.se\/the-basics-of-penetration-testing-in-pci-dss\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/complior.se\/"},{"@type":"ListItem","position":2,"name":"The Basics of Penetration Testing in PCI DSS"}]},{"@type":"WebSite","@id":"https:\/\/complior.se\/#website","url":"https:\/\/complior.se\/","name":"Complior","description":"Security beyond compliance","publisher":{"@id":"https:\/\/complior.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/complior.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/complior.se\/#organization","name":"Complior","url":"https:\/\/complior.se\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/","url":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","width":2560,"height":960,"caption":"Complior"},"image":{"@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016","name":"Kikki Bostrom","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","caption":"Kikki Bostrom"},"url":"https:\/\/complior.se\/en\/author\/kikki\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png",2048,954,false],"thumbnail":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-150x150.png",150,150,true],"medium":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-300x140.png",300,140,true],"medium_large":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-768x358.png",768,358,true],"large":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-1024x477.png",1024,477,true],"1536x1536":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-1536x716.png",1536,716,true],"2048x2048":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05.png",2048,954,false],"trp-custom-language-flag":["https:\/\/complior.se\/wp-content\/uploads\/2020\/11\/two-phases-05-18x8.png",18,8,true]},"uagb_author_info":{"display_name":"Kikki Bostrom","author_link":"https:\/\/complior.se\/en\/author\/kikki\/"},"uagb_comment_info":0,"uagb_excerpt":"A penetration test could be described as but realistic cyber attack that aims to determine how deep an attacker would be able to penetrate","_links":{"self":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/comments?post=1482"}],"version-history":[{"count":8,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1482\/revisions"}],"predecessor-version":[{"id":80452,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1482\/revisions\/80452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media\/51200"}],"wp:attachment":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media?parent=1482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/categories?post=1482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/tags?post=1482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}