Monday, October 3, 2011

The Penetration Testing Execution Standard

The Penetration Testing Execution Standard (PTES) is now available as a Pre-Alpha release and is located at According to their wiki page ( ) , the Penetration Testing Execution Standard (PTES) “is a new standard designed to provide both businesses and security service providers with a common language and scope for performing penetration testing (i.e. Security evaluations)”.

The group putting together the PTES includes several Info Sec professionals who are trying to create a standard so security professionals will have a baseline of what is required for a pentest. They also hope to help with the understanding of what type of testing others may need for their business or client.

Since this is still Pre Alpha Release, there is still a lot to be accomplished, though and folks are invited to e-mail one of the group members listed on the FAQ page ( ).

One of the items I found most interesting was the PTES Technical Guidelines page, which listed several security applications and frameworks. This page also gives brief guidelines on how to use these applications and frameworks. It opened my eyes to several new security applications I didn’t know existed.

For more information, visit the PTES wiki site.