Difference between revisions of "Main Page"
| (7 intermediate revisions by 2 users not shown) | |||
| Line 6: | Line 6: | ||
===High Level Organization of the Standard=== | ===High Level Organization of the Standard=== | ||
*Note: This is | *Note: This is the BETA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today. | ||
'''What we are looking for out of this release:''' | '''What we are looking for out of this release:''' | ||
| Line 14: | Line 14: | ||
-Take feedback and comments form the community on improvements | -Take feedback and comments form the community on improvements | ||
-Identify | -Identify the next phase in terms of defining "levels" for each of the sections. | ||
-Create teams to tackle writing our the formal standard | -Create teams to tackle writing our the formal standard | ||
| Line 22: | Line 22: | ||
-And most of all, put an end to the poorly defined term Penetration Test! | -And most of all, put an end to the poorly defined term Penetration Test! | ||
-Added Content | -Added Content | ||
| Line 32: | Line 30: | ||
-PTES Adaptive Strength questionnaire | -PTES Adaptive Strength questionnaire | ||
-tons more... | -tons more... | ||
| Line 40: | Line 35: | ||
*[[Pre-engagement|Pre-engagement Interactions]] | *[[Pre-engagement|Pre-engagement Interactions]] | ||
*[[Intelligence_Gathering|Intelligence Gathering]] | *[[Intelligence_Gathering|Intelligence Gathering]] | ||
*[[ | *[[Threat_Modeling|Threat Modeling]] | ||
*[[Vulnerability_Analysis|Vulnerability Analysis]] | *[[Vulnerability_Analysis|Vulnerability Analysis]] | ||
*[[exploitation|Exploitation]] | *[[exploitation|Exploitation]] | ||
*[[Post_Exploitation|Post Exploitation]] | *[[Post_Exploitation|Post Exploitation]] | ||
*[[reporting|Reporting]] | *[[reporting|Reporting]] | ||
We welcome comments on all the sections, and have an online version in PDF which we have opened for collaboration [https://acrobat.com/?i=huOmLeHWM9cHJHnfGCI9Lg here]. | |||
Below is the Penetration Testing Execution Standard Guidelines: | |||
*[[PTES_Technical_Guidelines | Technical Guidelines]] | |||
Revision as of 12:04, 19 January 2012
Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.
For more information on what this standard is, please visit:
High Level Organization of the Standard
- Note: This is the BETA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today.
What we are looking for out of this release:
-Gain help from people who understand the direction of the map and will be willing to document the methods used to carry out the tasks identified in the branches
-Take feedback and comments form the community on improvements
-Identify the next phase in terms of defining "levels" for each of the sections.
-Create teams to tackle writing our the formal standard
-Create tools to address the gaps identified during the creation of the Standard
-And most of all, put an end to the poorly defined term Penetration Test!
-Added Content
-Weighting system
-Grading Structure
-Sample contracts
-Sample deliverables
-PTES Adaptive Strength questionnaire
-tons more...
Following are the main sections defined by the standard as the basis for penetration testing execution:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
We welcome comments on all the sections, and have an online version in PDF which we have opened for collaboration here.
Below is the Penetration Testing Execution Standard Guidelines: