PTES is a set of guidelines and procedures for performing consistent and comprehensive penetration testing


PTES was created by a group of experienced security professionals in response to the lack of a standardized approach to penetration testing. The standard has since become widely adopted and recognized as a valuable resource for organizations and security professionals alike.


  1. Pre-engagement Interactions: preparation phase including approvals and tools needed for the test

  2. Intelligence gathering: information about the target system are gathered from external sources like social media websites, official record, using OSINT and other techniques

  3. Threat Modelling: procedure for optimizing network security by identifying objectives and vulnerabilities

  4. Vulnerability Analysis: discover and validate vulnerabilities

  5. Exploitation: breach the security of the target system using the vulnerabilities previously identified

  6. Post Exploitation: maintain control over target system and collect

  7. Reporting: Dodocumentcuments entire process in a form understandable to the client


Last updated