The Penetration Testing Execution Standard
<!DOCTYPE html> <html class="client-nojs" lang="en" dir="ltr"> <head> <meta charset="UTF-8"/> <title>The Penetration Testing Execution Standard</title> <link rel="stylesheet" href="/load.php?lang=en&modules=skins.vector.styles.legacy&only=styles&skin=vector"/> <meta name="ResourceLoaderDynamicStyles" content=""/> <link rel="stylesheet" href="/load.php?lang=en&modules=site.styles&only=styles&skin=vector"/> <meta name="generator" content="MediaWiki 1.36.2"/> <link rel="shortcut icon" href="/favicon.ico"/> <link 
rel="search" type="application/opensearchdescription+xml" href="/opensearch_desc.php" title="The Penetration Testing Execution Standard (en)"/> <link rel="EditURI" type="application/rsd+xml" href="http://www.pentest-standard.org/api.php?action=rsd"/> <link rel="license" href="http://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"/> <link rel="alternate" type="application/atom+xml" title="The Penetration Testing Execution Standard Atom feed" href="/index.php?title=Special:RecentChanges&feed=atom"/> </head> <body class="mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Main_Page rootpage-Main_Page skin-vector action-view skin-vector-legacy"><div id="mw-page-base" class="noprint"></div> <div id="mw-head-base" class="noprint"></div> <div id="content" class="mw-body" role="main"> <a id="top"></a> <div id="siteNotice" class="mw-body-content"></div> <div class="mw-indicators mw-body-content"> </div> <h1 id="firstHeading" class="firstHeading" >Main Page</h1> <div id="bodyContent" class="mw-body-content"> <div id="siteSub" class="noprint">From The Penetration Testing Execution Standard</div> <div id="contentSub"></div> <div id="contentSub2"></div> <div id="mw-content-text" lang="en" dir="ltr" class="mw-content-ltr"><div class="mw-parser-output"><h3><span class="mw-headline" id="High_Level_Organization_of_the_Standard">High Level Organization of the Standard</span></h3> <p>The penetration testing execution standard consists of seven (7) main sections. 
These cover everything related to a penetration test: from the initial communication and reasoning behind a pentest; through the intelligence gathering and threat modeling phases, where testers work behind the scenes to get a better understanding of the tested organization; through vulnerability research, exploitation and post exploitation, where the technical security expertise of the testers comes into play and combines with the business understanding of the engagement; and finally to the reporting, which captures the entire process in a manner that makes sense to the customer and provides the most value to it. </p><p>This version can be considered a v1.0, as the core elements of the standard are solidified and have been "road tested" for over a year throughout the industry. A v2.0 is in the works, and will provide more granular work in terms of "levels", that is, the intensity levels at which each element of a penetration test can be performed. As no pentest is like another, and testing will range from the more mundane web application or network test to a full-on red team engagement, these levels will enable an organization to define how much sophistication it expects its adversary to exhibit, and enable the tester to step up the intensity in those areas where the organization needs it most. Some of the initial work on "levels" can be seen in the intelligence gathering section. 
</p><p>Following are the main sections defined by the standard as the basis for penetration testing execution: </p> <ul><li><a href="/index.php/Pre-engagement" title="Pre-engagement">Pre-engagement Interactions</a></li> <li><a href="/index.php/Intelligence_Gathering" title="Intelligence Gathering">Intelligence Gathering</a></li> <li><a href="/index.php/Threat_Modeling" title="Threat Modeling">Threat Modeling</a></li> <li><a href="/index.php/Vulnerability_Analysis" title="Vulnerability Analysis">Vulnerability Analysis</a></li> <li><a href="/index.php/Exploitation" title="Exploitation">Exploitation</a></li> <li><a href="/index.php/Post_Exploitation" title="Post Exploitation">Post Exploitation</a></li> <li><a href="/index.php/Reporting" title="Reporting">Reporting</a></li></ul> <p>As the standard does not provide technical guidelines on how to execute an actual pentest, we have also created a technical guide to accompany it. The technical guide can be reached via the link below: </p> <ul><li><a href="/index.php/PTES_Technical_Guidelines" title="PTES Technical Guidelines"> Technical Guidelines</a></li></ul> <p>For more information on what this standard is, please visit: </p> <ul><li><a href="/index.php/FAQ" title="FAQ">The Penetration Testing Execution Standard: FAQ</a></li></ul> <!-- Saved in parser cache with key pentestmediawiki:pcache:idhash:1-0!canonical and timestamp 20241122171218 and revision id 950. 
Serialized with JSON. --> </div> <div class="printfooter">Retrieved from "<a dir="ltr" href="http://www.pentest-standard.org/index.php?title=Main_Page&oldid=950">http://www.pentest-standard.org/index.php?title=Main_Page&oldid=950</a>"</div></div> <div id="catlinks" class="catlinks catlinks-allhidden" data-mw="interface"></div> </div> </div> <footer id="footer" class="mw-footer" role="contentinfo" > <ul id="footer-info" > <li id="footer-info-lastmod"> This page was last edited on 16 August 2014, at 20:14.</li> <li id="footer-info-copyright">Content is available under <a class="external" rel="nofollow" href="http://www.gnu.org/licenses/old-licenses/fdl-1.2.txt">GNU Free Documentation License 1.2</a> unless otherwise noted.</li> </ul> </footer> 
</body></html>