Welcome to the Penetration Testing Execution Standard homepage. This will be the ultimate home for the penetration testing execution standard.
For more information on what this standard is, please visit:
High Level Organization of the Standard
- Note: This is the BETA RELEASE. We have had TONS of interest from many members of the security community to help out and we wanted to show where we were at. This effort has been going on since November 2010 and has had over 1800 revisions. The links below are a basic view into where we are at today.
What we are looking for out of this release:
-Gain help from people who understand the direction of the map and will be willing to document the methods used to carry out the tasks identified in the branches
-Take feedback and comments form the community on improvements
-Identify the next phase in terms of defining "levels" for each of the sections.
-Create teams to tackle writing our the formal standard
-Create tools to address the gaps identified during the creation of the Standard
-And most of all, put an end to the poorly defined term Penetration Test!
-Added Content -Weighting system -Grading Structure -Sample contracts -Sample deliverables -PTES Adaptive Strength questionnaire -tons more...
Following are the main sections defined by the standard as the basis for penetration testing execution:
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Post Exploitation
We welcome comments on all the sections, and have an online version in PDF which we have opened for collaboration here.
Below is the Penetration Testing Execution Standard Guidelines: