Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.
For more information on what this standard is, please visit:
High Level Organization of the Standard
- Note: This is a ALPHA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today. As you will notice, the map has some branches that are not fully expanded as well as some basic information left out.
What we are looking for out of this release:
-Gain help from people who understand the direction of the map and will be willing to document the methods used to carry out the tasks identified in the branches
-Take feedback and comments form the community on improvements
-Identify a timeline for the full standard creation
-Create teams to tackle writing our the formal standard
-Create tools to address the gaps identified during the creation of the Standard
-And most of all, put an end to the poorly defined term Penetration Test!
Not all of these sections will survive the cuts after this round and there are many changes to come:
-Added Content -Weighting system -Grading Structure -Sample contracts -Sample deliverables -PTES Adaptive Strength questionnaire -tons more...
Hope you enjoy... -Nickerson
Following are the main sections defined by the standard as the basis for penetration testing execution:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Post Exploitation
Below is the Penetration Testing Execution Standard Guidelines: