CDE Validation Testing

Our Card Holder Environment (CDE) validation testing helps you proactively identify and remediate vulnerabilities in the network segmentation you use to protect PCI data.

Secure Your CDE: PCI-DSS Compliance & Validation Testing

Web-based attacks continue to increase, and financial data is consistently some of the most highly targeted data in cyberattacks. PCI has defined the PCI-DSS (Data Security Standard) to help protect consumers, promote trust, ensure legal and regulatory compliance, and provide industry-wide standards for securing payment card data.

A major component of the PCI-DSS is the Cardholder Data Environment, which is the part of the organization’s network that stores, processes, or transmits cardholder data. This includes any system or network component that processes, stores, or transmits cardholder data. This can include servers, applications, databases, networks, and workstations. The CDE also includes any component that is directly connected to the cardholder data environment, such as firewalls, switches, and routers.

If an organization manages cardholder data, it should be processes within the secured CDE, which is segregated from the rest of the organizational network. This additionally protects cardholder data from threats to the rest of the organization.

Evolve Security’s CDE validation testing helps you proactively identify, prioritize, remediate, manage, and report on the integrity of the CDE – helping you to ensure that the CDE is separated from the rest of your network, and that the segregating controls are operating as intended. We provide actionable results, findings, and recommendations, all of which help you verify you have appropriate control over your CDE, and are meeting your security and compliance needs.

Our proven CDE validation testing solution

Evolve Security’s CDE validation testing is designed to not only enable you to reduce risk related to your environment, but are specifically tailored to meet the requirements of the current PCI-DSS. Evolve Security identifies vulnerabilities, and enables you to take proactive actions to perform all remediation. This includes focusing on the network, systems, routers, firewalls, and related devices, as well as the tools, protocols, and services that help support internal network segregation.

Evolve Security follows a best-practice process to accomplish all network penetration testing.

CDE validation testing includes a variety of tool-based and manual efforts, coordinated to provide you the best available information.

Information gathering

Identify attack source, testing windows, IP addresses to be tested, and set rules of engagement.


Network discovery and automated tool testing, vulnerability and application scanning, supported with manual discovery and follow-up as appropriate.

Manual testing, validation and exploitation

Manual validation, testing, and exploitation. Privilege escalation and data exfiltration. Identification, avoidance, and evaluation of existing security controls.

Analysis and reporting

Ongoing updates to our Darwin Attack® portal during testing, but also includes root cause analysis, business risk analysis, findings with evidence, as well as a remediation plan for all negative findings.

Evolve Security’s CDE validation testing includes the exact set of services that are most appropriate for your business needs. These services always focus on providing you with actionable information you can use to make proactive steps to improve the security of your CDE and supporting security controls, while better meeting your business and compliance needs.

Our CDE validation testing services update as cybersecurity threats evolve

PCI-related testing and PCI-DSS compliance are critical components of your enterprise security program.  Commodity services have a place in the market, but are not going to offer you the type of service, details, and effectiveness that you need to identify security problems in your environment, then maximizes your opportunity to fix them in a proactive manner, before a hostile attacker or cybercriminal has the chance to take advantage of them.

Evolve Security combines three important elements to offer the best penetration test services:

Best of breed toolsets

That are regularly evaluated, replaced, and updated to maintain not only the best tools, but most appropriate tools for your specific services


Experienced security experts

With broad ranges of technical experience to help ensure we can provide the most effective service


The Darwin Attack® portal

Which enables efficient, timely communications and collaborations, and supports your management and reporting needs

Get Your Darwin Attack Demo Today

Start Pentesting in 2 Weeks