From The Penetration Testing Execution Standard
(18 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
For more information on what this standard is, please visit:
 
For more information on what this standard is, please visit:
  
*[http://www.pentest-standard.org/index.php/FAQ The Penetration Testing Execution Standard: FAQ]
+
*[[FAQ|The Penetration Testing Execution Standard: FAQ]]
  
 
===High Level Organization of the Standard===
 
===High Level Organization of the Standard===
 +
*Note: This is the BETA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today.
 +
 +
'''What we are looking for out of this release:'''
 +
 +
-Gain help from people who understand the direction of the map and will be willing to document the methods used to carry out the tasks identified in the branches
 +
 +
-Take feedback and comments form the community on improvements
 +
 +
-Identify the next phase in terms of defining "levels" for each of the sections.
 +
 +
-Create teams to tackle writing our the formal standard
 +
 +
-Create tools to address the gaps identified during the creation of the Standard
 +
 +
-And most of all, put an end to the poorly defined term Penetration Test!
 +
 +
 +
-Added Content
 +
-Weighting system
 +
-Grading Structure
 +
-Sample contracts
 +
-Sample deliverables
 +
-PTES Adaptive Strength questionnaire
 +
-tons more...
 +
 +
 
Following are the main sections defined by the standard as the basis for penetration testing execution:
 
Following are the main sections defined by the standard as the basis for penetration testing execution:
*[http://www.pentest-standard.org/index.php/Pre-engagement Pre-engagement Interactions]
+
*[[Pre-engagement|Pre-engagement Interactions]]
*[http://www.pentest-standard.org/index.php/intel-gathering Intelligence Gathering]
+
*[[Intelligence_Gathering|Intelligence Gathering]]
*[http://www.pentest-standard.org/index.php/threat-modelling Threat Modelling]
+
*[[Threat_Modeling|Threat Modeling]]
 +
*[[Vulnerability_Analysis|Vulnerability Analysis]]
 +
*[[exploitation|Exploitation]]
 +
*[[Post_Exploitation|Post Exploitation]]
 +
*[[reporting|Reporting]]
 +
 
 +
We welcome comments on all the sections, and have an online version in PDF which we have opened for collaboration [https://acrobat.com/?i=huOmLeHWM9cHJHnfGCI9Lg here].
 +
 
 +
Below is the Penetration Testing Execution Standard Guidelines:
 +
 
 +
*[[PTES_Technical_Guidelines | Technical Guidelines]]
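
Review bot: The added bullets contain two typos, "comments form the community" (should be "from") and "writing our the formal standard" (should be "out"), and the items from "-Added Content" through "-tons more..." start with a bare "-" instead of the "*" list markup used for the section links, so they render as one run-on paragraph. Switch those lines to "*" items and fix the two words. The collaboration link is also labelled only "here"; a descriptive label would tell readers that it leaves the wiki for acrobat.com.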

Revision as of 12:04, 19 January 2012

Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.

For more information on what this standard is, please visit:

  • The Penetration Testing Execution Standard: FAQ

High Level Organization of the Standard

  • Note: This is the BETA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today.

What we are looking for out of this release:

-Gain help from people who understand the direction of the map and will be willing to document the methods used to carry out the tasks identified in the branches

-Take feedback and comments from the community on improvements

-Identify the next phase in terms of defining "levels" for each of the sections.

-Create teams to tackle writing out the formal standard

-Create tools to address the gaps identified during the creation of the Standard

-And most of all, put an end to the poorly defined term Penetration Test!


-Added Content

-Weighting system

-Grading Structure

-Sample contracts

-Sample deliverables

-PTES Adaptive Strength questionnaire

-tons more...


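Following are the main sections defined by the standard as the basis for penetration testing execution:

  • Pre-engagement Interactions
  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting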

We welcome comments on all the sections, and have an online version in PDF which we have opened for collaboration here (https://acrobat.com/?i=huOmLeHWM9cHJHnfGCI9Lg).

Below is the Penetration Testing Execution Standard Guidelines:

  • Technical Guidelines