Penetration Testing Execution Standard (PTES) (Part 1 of 2)

 







Introduction

Nowadays, cyberattack on various organizations, enterprises, or government sectors via hacktivists, criminals, national enemies, etc. have become a common practice. They always look for a loophole to penetrate a computer network's defense system of their victims. Hence, there are many effective ways to defend against cyber attacks. Some of them are- training the employees, keeping the system and software up-to-date, multiple backup solutions, monitoring network traffic, etc. However, one of the major defense mechanism is PTES (Penetration Testing Execution Standard). 

What is PTES?

PTES is basically a comprehensive guide that outlies a standard methodology for conducting penetration tests. The method was developed by a team of information security practitioners to cater to the need of a complete and updated standard for penetration testing. 

Penetration testing is a process in which organizations can test their own network security by simulating the real-world cyberattacks. This process helps in locating and fixing any vulnerabilities before their exploitation by a threat actor. PTES always strives to raise the standard for penetration testing quality and offer high-caliber advice and help guide to the penetration tester. 

Process of PTES

PTES segregates the testing process in seven sections:
  • Pre-engagement Interactions- This is the preparation phase. Everything is decided by the client and the penetration testing body before starting the actual process. Things like scope, information supplied to the body, and rules of engagement are discussed beforehand. Also, the goals of the penetration test are made crystal clear to everyone.

  • Intelligence Gathering- In this stage, information about the target system are gathered from all publicly accessible data sources like social media websites, official records, etc. This procedure is also called OSINT (Open Source Intelligence). It is all about gathering any piece of information that might be helpful at a later stage of the testing procedure.

  • Threat Modelling- Here, the penetration tester try to identify assets that can be most likely targeted as well as the resources (human or non-human) that can be employed to target those assets. It helps in defining counter-measures to prevent or mitigate the system threats. it can be skipped in typical pan tests.

  • Vulnerability Analysis- This stage discovers and validates vulnerabilities. This risk can allow an attacker to exploit and gain authorized access to the system or application.

  • Exploitation- This stage is the most important part of a penetration test. The tester will try to reach the security of a target system with the help of previously identified and validated vulnerabilities. The tester will get the most out of the attack's results and insights by adhering to the rules of stealth, speed, and depth of penetration testing. 

  • Post Exploitation- This one maintains the control over target system and collect data. The findings in the post exploitation stage may result in change of scope and other possible problems if exploitations reveal deeper and more complicated flaws that the client did not foresee.

  • Reporting- Finally, a report will be compiled with all the information from every stage. It will contain all the documentations of the operations happened from planning and attacking to post exploitation, key findings of the security, and risk as well as correction. The report indicates the end of the penetration test

Conclusion

This part talks about PTES, its definition, and seven stages of its process in detail.






































Comments

Popular posts from this blog

Deployment (Part 3)

Project Resourcing (Part 2)

Design Planning (Part 3)