PTES is a set of guidelines and procedures for performing consistent and comprehensive penetration testing
PTES was created by a group of experienced security professionals in response to the lack of a standardized approach to penetration testing. The standard has since become widely adopted and recognized as a valuable resource for organizations and security professionals alike.
- Pre-engagement Interactions: preparation phase including approvals and tools needed for the test
- Intelligence gathering: information about the target system are gathered from external sources like social media websites, official record, using OSINT and other techniques
- Threat Modelling: procedure for optimizing network security by identifying objectives and vulnerabilities
- Vulnerability Analysis: discover and validate vulnerabilities
- Exploitation: breach the security of the target system using the vulnerabilities previously identified
- Post Exploitation: maintain control over target system and collect
- Reporting: Dodocumentcuments entire process in a form understandable to the client