WSTG - v4.2

Penetration Testing Methodologies


OWASP Testing Guides

For the technical execution of security testing, the OWASP testing guides are highly recommended. OWASP maintains a separate guide for each type of target: the Web Security Testing Guide for web and cloud services, the Mobile Security Testing Guide for Android and iOS apps, and the Firmware Security Testing Methodology for IoT firmware.

Penetration Testing Execution Standard

The Penetration Testing Execution Standard (PTES) defines penetration testing as seven phases. In particular, the PTES Technical Guidelines give hands-on suggestions on testing procedures and recommendations for security testing tools.

  • Pre-engagement Interactions
  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

PTES Technical Guidelines

PCI Penetration Testing Guide

Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3 defines the penetration testing requirements for the cardholder data environment (in PCI DSS v4.0 the same requirements moved to Requirement 11.4). PCI also publishes a separate Penetration Testing Guidance information supplement.

PCI DSS Penetration Testing Guidance

The PCI DSS Penetration Testing Guidance covers the following:

  • Penetration Testing Components
  • Qualifications of a Penetration Tester
  • Penetration Testing Methodologies
  • Penetration Testing Reporting Guidelines

PCI DSS Penetration Testing Requirements

The PCI DSS penetration testing requirements refer to Payment Card Industry Data Security Standard (PCI DSS) Requirement 11.3, which requires that testing be:

  • Based on industry-accepted approaches
  • Coverage for CDE and critical systems
  • Includes external and internal testing
  • Test to validate scope reduction
  • Application-layer testing
  • Network-layer tests for network and OS

PCI DSS Penetration Test Guidance

Penetration Testing Framework

The Penetration Testing Framework (PTF) provides a comprehensive hands-on penetration testing guide. It also lists the usage of security testing tools in each testing category. The major areas of penetration testing it covers include:

  • Network Footprinting (Reconnaissance)
  • Discovery & Probing
  • Enumeration
  • Password cracking
  • Vulnerability Assessment
  • AS/400 Auditing
  • Bluetooth Specific Testing
  • Cisco Specific Testing
  • Citrix Specific Testing
  • Network Backbone
  • Server Specific Tests
  • VoIP Security
  • Wireless Penetration
  • Physical Security
  • Final Report - template

Penetration Testing Framework

Technical Guide to Information Security Testing and Assessment

The Technical Guide to Information Security Testing and Assessment (NIST SP 800-115) was published by NIST. It covers the assessment techniques and activities listed below.

  • Review Techniques
  • Target Identification and Analysis Techniques
  • Target Vulnerability Validation Techniques
  • Security Assessment Planning
  • Security Assessment Execution
  • Post-Testing Activities

NIST SP 800-115 can be accessed here

Open Source Security Testing Methodology Manual

The Open Source Security Testing Methodology Manual (OSSTMM) is a methodology for testing the operational security of physical locations, workflows, human security, physical security, wireless security, telecommunications security, data network security, and compliance. OSSTMM is best used as a supporting reference for ISO 27001 rather than as a hands-on, technical application penetration testing guide.

OSSTMM includes the following key sections:

  • Security Analysis
  • Operational Security Metrics
  • Trust Analysis
  • Work Flow
  • Human Security Testing
  • Physical Security Testing
  • Wireless Security Testing
  • Telecommunications Security Testing
  • Data Networks Security Testing
  • Compliance Regulations
  • Reporting with the STAR (Security Test Audit Report)

Open Source Security Testing Methodology Manual