Your checkout is the money path, and PCI DSS expects an annual penetration test on top of your regular scanning. We test the storefront, the checkout, and the payment surface.
More context on this sector on our E-commerce industry page.
Tailored to E-commerce, delivered by a Toronto security and compliance team led by a published CVE researcher, with our offensive-security partner where offensive testing is involved.
See the full Penetration Testing service page, or productized pricing for fixed-scope engagements.
It expects regular vulnerability scanning and an annual penetration test, and a scan is not a substitute for the test. We scope the pentest around your cardholder data environment so it lines up with your PCI work.
Yes. A hosted or tokenized checkout reduces your PCI scope but does not eliminate your obligations. The storefront, the integration, the admin, and the pages your customers type into are still yours, and that is where we test.
traztech scopes the engagement against your threat model; testing is co-delivered with our offensive-security partner, and critical findings get a free retest.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.