PCI Requirement 11.3.3 – Exploitable Vulnerabilities Found During Penetration Testing are Corrected and Testing is Repeated
What To Do with Exploitable Vulnerabilities The purpose of penetration testing is to find vulnerabilities before an attacker does; when you find them, those vulnerabilities need to be corrected. PCI Requirement 11.3.3 states, “Exploitable vulnerabilities found during penetration testing are corrected, and testing is repeated to verify the corrections.” During an assessment, you will provide your assessor with penetration testing results that verify that you found and implemented a…