Penetration Testing Execution Standard (PTES) is a penetration testing method. It was developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. In addition to guiding security professionals, it also attempts to inform businesses about what they should expect from a penetration test and guide them in scoping and negotiating successful projects.
PTES describes the penetration test in seven main sections:
- Pre-engagement Interactions:
This is the preparation phase for the pen test. It is all about document approvals and tools needed for the test.
- Intelligence gathering:
In this phase, information about the target system is gathered from external sources such as social media websites, official records, etc. This phase comes under OSINT (Open-Source Intelligence).
- Threat Modelling:
It is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. It is skipped in typical pen tests.
- Vulnerability Analysis:
This phase discovers and validates vulnerabilities, that is, risks that an attacker could exploit to gain unauthorized access to the system or application.
- Exploitation:
In this phase, the tester tries to breach the security of the target system using the vulnerabilities previously identified and validated.
- Post Exploitation:
This phase maintains control over the target system and collects data.
- Reporting:
This phase documents the entire process in a form understandable to the client. The report covers the security of the target system.