This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Penetration testing methodologies"
From OWASP
(→Summary) |
(→Penetration Testing Execution Standard (PTES)) |
||
| Line 9: | Line 9: | ||
== Penetration Testing Execution Standard (PTES) == | == Penetration Testing Execution Standard (PTES) == | ||
| + | PTES defines penetration testing as 7 phases. | ||
| + | |||
| + | * Pre-engagement Interactions | ||
| + | * Intelligence Gathering | ||
| + | * Threat Modeling | ||
| + | * Vulnerability Analysis | ||
| + | * Exploitation | ||
| + | * Post Exploitation | ||
| + | * Reporting | ||
| + | |||
| + | Instead of simply methodology or process, PTES also provides hands-on technical guidelines for what/how to test, rationale of testing and recommended testing tools and usage. | ||
| + | |||
| + | http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines | ||
== Open Source Security Testing Methodology Manual (OSSTMM) == | == Open Source Security Testing Methodology Manual (OSSTMM) == | ||
Revision as of 22:51, 1 April 2016
- 1 Summary
- 2 Penetration Testing Execution Standard (PTES)
- 3 Open Source Security Testing Methodology Manual (OSSTMM)
- 4 PCI Penetration testing guide
- 5 Penetration Testing Framework
- 6 Technical Guide to Information Security Testing and Assessment (NIST800-115)
- 7 Information Systems Security Assessment Framework (ISSAF)
- 8 Reference
Summary
- OWASP testing guide
- PCI Penetration testing guide
- Penetration Testing Execution Standard
- Open Source Security Testing Methodology Manual (“OSSTMM”)
- NIST 800-115
- Penetration Testing Framework
- Information Systems Security Assessment Framework (ISSAF)
Penetration Testing Execution Standard (PTES)
PTES defines penetration testing as 7 phases.
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Instead of simply methodology or process, PTES also provides hands-on technical guidelines for what/how to test, rationale of testing and recommended testing tools and usage.
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Open Source Security Testing Methodology Manual (OSSTMM)
PCI Penetration testing guide
Penetration Testing Framework
Technical Guide to Information Security Testing and Assessment (NIST800-115)
Information Systems Security Assessment Framework (ISSAF)
Reference
- https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
- http://www.pentest-standard.org/index.php/Main_Page
- http://www.isecom.org/research/osstmm.html
- http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
- http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-6_kscarfone-rmetzer_security-testing-assessment.pdf
- http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
- https://www.owasp.org/images/0/04/Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl%2BJohannes_Stroeher.pdf
- http://www.mcafee.com/tw/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf
- https://www.kali.org/
