Welcome to PTES’s documentation!
Contents:
- The Penetration Testing Execution Standard
- Pre-engagement Interactions
- Overview
- Introduction to Scope
- Metrics for Time Estimation
- Scoping Meeting
- Additional Support Based on Hourly Rate
- Questionnaires
- General Questions
- Scope Creep
- Specify Start and End Dates
- Specify IP Ranges and Domains
- Dealing with Third Parties
- Define Acceptable Social Engineering Pretexts
- DoS Testing
- Payment Terms
- Goals
- Establish Lines of Communication
- Emergency Contact Information
- Rules of Engagement
- Capabilities and Technology in Place
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- PTES Technical Guidelines
- Tools Required
- Intelligence Gathering
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
- Custom tools developed
- General
- Plugins
- Credentials
- Target Selection
- Access Rules
- Preferences
- Knowledge Base
- General
- Credentials
- Plugins
- Preferences
- General
- Credentials
- Plugins
- Preferences
- General
- Credentials
- Plugins
- Preferences
- Denial of service
- Discovery scan
- Discovery scan (aggressive)
- Exhaustive
- Full audit
- HIPAA compliance
- Internet DMZ audit
- Linux RPMs
- Microsoft hotfix
- Payment Card Industry (PCI) audit
- Penetration test
- Penetration test
- Safe network audit
- Sarbanes-Oxley (SOX) compliance
- SCADA audit
- Web audit
- FAQ
- Q: What is this “Penetration Testing Execution Standard”?
- Q: Who is involved with this standard?
- Q: So is this a closed group or can I join in?
- Q: Is this going to be a formal standard?
- Q: Is the standard going to include all possible pentest scenarios?
- Q: Is this effort going to standardize the reporting as well?
- Q: Who is the intended audience for this standard/project?
- Q: Is there a mindmap version of the original sections?
- Media