Fix it. Retest it.
PCI DSS 11.4.4 says every exploitable weakness a penetration test finds has to be corrected, then retested to confirm the fix held. AutoAttack re-runs the same attack path on demand, so you can see whether the path you fixed still lets an attacker through before your qualified retest, and hand your assessor the evidence either way.
Deploy →what requirement 11.4.4 asks
how AutoAttack closes the loop
where AutoAttack fits your program
common questions
Does AutoAttack make my company PCI DSS compliant?
No. AutoAttack does not issue a Report on Compliance or an Attestation of Compliance, and it is not a QSA. It proves whether an exploitable path is open or closed and hands that evidence to the qualified assessor who signs off your PCI penetration testing.
What is PCI DSS requirement 11.4.4?
Requirement 11.4.4 says exploitable vulnerabilities found during penetration testing must be corrected, and the penetration testing repeated to verify the corrections. It is the retest obligation that follows every internal and external PCI penetration test.
Can AutoAttack replace my annual PCI penetration test?
No. Requirements 11.4.2 and 11.4.3 call for a qualified internal resource or independent third party to perform the internal and external tests. AutoAttack runs alongside that engagement, re-verifying fixes on demand and testing segmentation between the annual tests, so less is left to find.