Penetration Testing Methodologies

Article by • April 14, 2022

What is Penetration Testing?

Penetration Testing, by definition, is “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”

The Purpose of Penetration Testing Methodologies

The key purpose of Penetration Testing is to find and exploit vulnerabilities in a system before an attacker does. By doing this, organisations can determine the risks associated with these vulnerabilities and take steps to mitigate them. The three key purposes of penetration testing methodologies are to provide consistency, to address vulnerabilities and to add depth to testing.

Top Three Penetration Testing Methodologies

There are three main types of penetration testing methodologies: OSSTMM, OWASP and NIST.

The Open Source Security Testing Methodology Manual, also known as OSSTMM, is a methodology that covers multiple types of security testing, from social engineering to network security. It is developed and maintained by the Institute for Security and Open Methodologies (ISECOM).

The OWASP Web Security Testing Guide (WSTG) is a comprehensive guide for testing web application security, which has been developed in collaboration with a large range of volunteers within the industry. Whilst primarily known for Web Application Security, OWASP also offers guides on mobile security testing and firmware testing.

In 2008, NIST released Special Publication (SP) 800-115, a ‘Technical Guide to Information Security Testing and Assessment’. This document focuses primarily on infrastructure testing and provides a guide to the basic aspects of conducting security assessments.

Our Penetration Testing Methodologies at Pentest People

Here at Pentest People we use a variety of methodologies, including OWASP for aspects of Web Application testing. We use NIST solely for infrastructure testing. As well as following the general methodologies, we as a business put our own spin on some aspects to provide a more in-depth overview of vulnerabilities in Penetration Testing.

Kate is a marketing assistant here at Pentest People, handling the business's social media and focusing on creating new content for the website and social channels.