PTES is a set of guidelines and procedures for performing consistent and comprehensive penetration testing

• Background

• Steps

• Resources

Background

PTES was created by a group of experienced security professionals in response to the lack of a standardized approach to penetration testing. The standard has since become widely adopted and recognized as a valuable resource for organizations and security professionals alike.

Steps

1. Pre-engagement Interactions: preparation phase including approvals and tools needed for the test

2. Intelligence gathering: information about the target system are gathered from external sources like social media websites, official record, using OSINT and other techniques

3. Threat Modelling: procedure for optimizing network security by identifying objectives and vulnerabilities

4. Vulnerability Analysis: discover and validate vulnerabilities

5. Exploitation: breach the security of the target system using the vulnerabilities previously identified

6. Post Exploitation: maintain control over target system and collect

7. Reporting: Dodocumentcuments entire process in a form understandable to the client

Resources

• PTES Website

• PTES Technical Guidelines