Pentest Methodologies

There are many pentest methodologies. They all share the same basic approach, but they name their phases differently:

  • Pre-engagement steps / Preparation / Scoping
  • Intelligence Gathering / Information Gathering / Reconnaissance (Recon) / Open source intelligence (OSINT) / Footprinting
  • Threat Modeling
  • Scanning / Mapping / Enumeration / Vulnerability Analysis / Discovery
  • Exploitation
  • Post-Exploitation / Maintaining Access / Covering Tracks
  • Reporting

Penetration Testing Execution Standard Methodology

ISSAF Methodology

EC-Council CEH Methodology

SANS Methodology

Samurai Web Testing Framework Methodology

NIST 800-115 – Technical Guide to Information Security Testing and Assessment

OSSTMM Methodology

OWASP

4.2 Information Gathering
4.3 Configuration and Deployment Management Testing
4.4 Identity Management Testing
4.5 Authentication Testing
4.6 Authorization Testing
4.7 Session Management Testing
4.8 Input Validation Testing
4.9 Error Handling
4.10 Cryptography
4.11 Business Logic Testing
4.12 Client Side Testing