# Methodology

There are several methodology frameworks for penetration testing that are widely used by security professionals. Here are some of the best:

* [MITRE ATT\&CK](https://redteam.ryanheavican.com/methodology/mitre)
* [NIST SP 800-115](https://redteam.ryanheavican.com/methodology/nist)
* [OWASP Testing Guide](https://redteam.ryanheavican.com/methodology/owasp)
* [Penetration Testing Execution Standard (PTES)](https://redteam.ryanheavican.com/methodology/ptes)
* [SANS Penetration Testing Framework](https://redteam.ryanheavican.com/methodology/sans)

It is important to use a methodology framework for penetration testing for several reasons:

* Structured approach: helps ensure necessary steps are taken to identify and exploit vulnerabilities
* Consistency: helps ensure consistency across different tests and testers
* Best practices: helps reduce risk of unintended consequences
* Communication: structured communication helps set expectations to ensure all are on the same page
* Compliance: many standards require penetration tests be conducted via methodology framework