This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Penetration testing methodologies

Jump to: navigation, search


  • OWASP testing guide
  • PCI Penetration testing guide
  • Penetration Testing Execution Standard
  • NIST 800-115
  • Penetration Testing Framework
  • Information Systems Security Assessment Framework (ISSAF)
  • Open Source Security Testing Methodology Manual (“OSSTMM”)
  • FedRAMP Penetration Test Guidance
  • CREST Penetration Testing Guide

Penetration Testing Execution Standard (PTES)

PTES defines penetration testing as 7 phases.

  • Pre-engagement Interactions
  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

Instead of simply methodology or process, PTES also provides hands-on technical guidelines for what/how to test, the rationale of testing and recommended testing tools and usage.

PCI Penetration testing guide

Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3 defines the penetration testing. PCI also defines Penetration Testing Guidance.

PCI DSS Penetration Testing guidance

The PCI DSS Penetration testing guideline provides a very good reference of the following area while it's not a hands-on technical guideline to introduce testing tools.

  • Penetration Testing Components
  • Qualifications of a Penetration Tester
  • Penetration Testing Methodologies
  • Penetration Testing Reporting Guidelines

PCI DSS Penetration Testing Requirements

The PCI DSS requirement refer to Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3

  • Based on industry-accepted approaches
  • Coverage for CDE and critical systems
  • Includes external and internal testing
  • Test to validate scope reduction
  • Application-layer testing
  • Network-layer tests for network and OS

Penetration Testing Framework

The Penetration testing framework provides very comprehensive hands-on penetration testing guide. It also list usage of the testing tools in each testing category. The major area of penetration testing includes -

  • Network Footprinting (Reconnaissance)
  • Discovery & Probing
  • Enumeration
  • Password cracking
  • Vulnerability Assessment
  • AS/400 Auditing
  • Bluetooth Specific Testing
  • Cisco Specific Testing
  • Citrix Specific Testing
  • Network Backbone
  • Server Specific Tests
  • VoIP Security
  • Wireless Penetration
  • Physical Security
  • Final Report - template

Technical Guide to Information Security Testing and Assessment (NIST800-115)

Information Systems Security Assessment Framework (ISSAF)

The ISSAF is a very good reference source of penetration testing though Information Systems Security Assessment Framework (ISSAF) which is not an active community. It provides comprehensive step-by-step penetration testing technical guidance.

The ISSAF penetration testing guide can be downloaded here.

It covers the area below.

  • Project Management
  • Guidelines And Best Practices – Pre Assessment, Assessment And Post Assessment
  • Assessment Methodology
  • Review Of Information Security Policy And Security Organization
  • Evaluation Of Risk Assessment Methodology
  • Technical Control Assessment
  • Technical Control Assessment - Methodology
  • Password Security
  • Password Cracking Strategies
  • Unix /Linux System Security Assessment
  • Windows System Security Assessment
  • Novell Netware Security Assessment
  • Database Security Assessment
  • Wireless Security Assessment
  • Switch Security Assessment
  • Router Security Assessment
  • Firewall Security Assessment
  • Intrusion Detection System Security Assessment
  • VPN Security Assessment
  • Anti-Virus System Security Assessment And Management Strategy
  • Web Application Security Assessment
  • Storage Area Network (San) Security
  • Internet User Security
  • As 400 Security
  • Source Code Auditing
  • Binary Auditing
  • Social Engineering
  • Physical Security Assessment
  • Incident Analysis
  • Review Of Logging / Monitoring & Auditing Processes
  • Business Continuity Planning And Disaster Recovery
  • Security Awareness And Training
  • Outsourcing Security Concerns
  • Knowledge Base
  • Legal Aspects Of Security Assessment Projects
  • Non-Disclosure Agreement (NDA)
  • Security Assessment Contract
  • Request For Proposal Template
  • Desktop Security Check-List - Windows
  • Linux Security Check-List
  • Solaris Operating System Security Check-List
  • Default Ports - Firewall
  • Default Ports – IDS/IPS
  • Links
  • Penetration Testing Lab Design

Open Source Security Testing Methodology Manual (OSSTMM)

OSSTMM is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. OSSTMM can be supporting reference of IOS 27001 instead of a hands-on penetration testing guide.

OSSTMM includes the following key sections:

    • Operational Security Metrics
    • Trust Analysis
    • Work Flow.
    • Human Security Testing
    • Physical Security Testing
    • Wireless Security Testing
    • Telecommunications Security Testing
    • Data Networks Security Testing
    • Compliance Regulations
    • Reporting with the STAR (Security Test Audit Report)

FedRAMP Penetration Test Guidance

To be updated

CREST Penetration Testing Guide