Contact Us

Log in


How can Probely help you achieve compliance with security certifications?

Achieve PCI-DSS Compliance Using Probely’s Automated Scanner

If your organization stores, processes or transmits cardholder data, your organization must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Non-compliance may result in fines and having your merchant account blocked. There are varying levels of compliance, depending on what type of provider you are and how you interact with cardholder data. If you’re reading this, you’re probably looking for SAQ A-EP or SAQ D compliance (Merchant or Service Provider).

The PCI-DSS stipulates that vendors of public-facing web applications regularly address new threats and vulnerabilities to protect them from known attacks. Two methods are suggested: using manual or automated web application vulnerability scanning tools or methods at least annually and after any changes in the application, or installing an automated solution that assesses all targets. The goal is to detect security gaps and prevent web-based attacks against all public-facing web applications. Please note that Requirement 6.6 is not achieved using an Approved Scanning Vendor (ASV) as defined in Requirement 11.2. This is a different type of scanner with a different purpose (and so are requirements 6.6 and 11.2).

Probely provides an easy and effective way to comply with PCI-DSS, by automating and integrating scanning into your development processes and CI/CD pipelines. Scan reports include a PCI section with all requirements listed below and whether the target has failed or succeeded. Alternatively, you can produce a PCI-DSS Compliance Report.

PCI-DSS Requirement checklist

Probely helps you meet the following PCI requirements:

4.1 Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over public networks

6.2 Ensure that all system components have the latest security patches installed


6.5.1 Address injection flaws (SQL injection, OS Command injection, XPath, etc)

6.5.4 Address insecure communication flaws

6.5.5 Address improper error handling flaws

6.5.6 Address all “high risk” identified vulnerabilities

6.5.7 Address Cross-site scripting (XSS) vulnerabilities

6.5.8 Address improper access control flaws

6.5.9 Address Cross-site request forgery (CSRF) flaws

6.5.10 Address Broken authentication and session management flaws

6.6 Review public-facing web applications via automated application vulnerability scanning tools after any change and at least annually.

Try Probely for free