PTES

Summary

The Penetration Testing Execution Standard (PTES) is a penetration testing method and a standard that provides a baseline for what is required of a penetration test. Developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. The version used in this section is PTES 1.1, 2014.

Definitions

Definition	Requirements
PTES-2_17_1. Pre-engagement interactions - Emergency contact information	338. Implement perfect forward secrecy
PTES-3_4_1_4_1. Corporate - Electronic (document metadata)	045. Remove metadata when sharing files
PTES-3_4_1_5_2. Corporate - Infrastructure assets (email addresses)	121. Guarantee uniqueness of emails
PTES-3_4_1_5_7. Corporate - Infrastructure assets (application usage)	045. Remove metadata when sharing files
PTES-3_4_1_5_8. Corporate - Infrastructure assets (defense technologies)	266. Disable insecure functionalities
PTES-3_6_1_3_2. External footprinting - Active footprinting (banner grabbing)	181. Transmit data using secure protocols
PTES-3_6_1_3_8. External footprinting - Active footprinting (DNS bruteforce)	266. Disable insecure functionalities
PTES-3_7_1. Identify protection mechanisms - Network based protections	252. Configure key encryption
PTES-4_2_1_5. Business asset analysis - Organizational data (technical information)	077. Avoid disclosing technical information
PTES-4_3_4. Business process analysis - Third party integration	262. Verify third-party components
PTES-4_5_3. Threat capability analysis - Communication mechanisms	147. Use pre-existent mechanisms 206. Configure communication protocols 336. Disable insecure TLS versions 338. Implement perfect forward secrecy
PTES-5_2_2_1. Vulnerability analysis - Network vulnerability scanners (port based)	154. Eliminate backdoors 250. Manage access points 255. Allow access only to the necessary ports
PTES-5_2_2_2. Vulnerability analysis - Network vulnerability scanners (service based)	206. Configure communication protocols 255. Allow access only to the necessary ports
PTES-5_2_3_1. Vulnerability analysis - Web application scanners (application flaw scanners)	169. Use parameterized queries 173. Discard unsafe inputs 029. Cookies with security attributes 077. Avoid disclosing technical information
PTES-5_2_3_2. Vulnerability analysis - Web application scanners (directory listing or brute forcing)	176. Restrict system objects 237. Ascertain human interaction 266. Disable insecure functionalities
PTES-5_2_3_3. Vulnerability analysis - Web application scanners (web server version)	262. Verify third-party components 353. Schedule firmware updates
PTES-5_3_1. Vulnerability analysis - Metadata	045. Remove metadata when sharing files
PTES-5_3_2. Vulnerability analysis - Traffic monitoring	376. Register severity level 083. Avoid logging sensitive data
PTES-5_4_2_3. Vulnerability analysis - Manual validation specific protocol (DNS)	266. Disable insecure functionalities
PTES-5_4_2_5. Vulnerability analysis - Manual validation specific protocol (mail)	115. Filter malicious emails
PTES-5_5_3. Vulnerability analysis - Common/default passwords	130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 142. Change system default credentials 332. Prevent the use of breached passwords
PTES-5_5_7. Vulnerability analysis - Disassembly and code analysis	158. Use a secure programming language 161. Define secure default options
PTES-6_2_1. Exploitation - Countermeasures (anti-virus)	266. Disable insecure functionalities 273. Define a fixed security suite
PTES-6_2_1_1. Exploitation - Countermeasures (anti-virus encoding)	160. Encode system outputs 184. Obfuscate application data 348. Use consistent encoding
PTES-6_2_1_3. Exploitation - Countermeasures (anti-virus encrypting)	159. Obfuscate code
PTES-6_2_3. Exploitation - Countermeasures (data execution prevention)	173. Discard unsafe inputs 266. Disable insecure functionalities 320. Avoid client-side control enforcement 037. Parameters without sensitive data
PTES-6_2_5. Exploitation - Countermeasures (web application firewall)	266. Disable insecure functionalities 273. Define a fixed security suite
PTES-6_7. Exploitation - Zero day angle	088. Request client certificates 090. Use valid certificates 093. Use consistent certificates
PTES-6_7_1_1. Exploitation - Zero day angle (buffer overflows)	345. Establish protections against overflows
PTES-6_7_4. Exploitation - Zero day angle (traffic analysis)	181. Transmit data using secure protocols
PTES-6_7_6_1. Exploitation - Proximity access (wifi attacks)	252. Configure key encryption
PTES-6_7_6_2. Exploitation - Proximity access (attacking the user)	248. SSID without dictionary words 249. Locate access points 251. Change access point IP 254. Change SSID name
PTES-7_2_1. Post exploitation - Rules of engagement (protect the client)	176. Restrict system objects 185. Encrypt sensitive information 300. Mask sensitive data 331. Guarantee legal compliance
PTES-7_3_1. Post exploitation - Infrastructure analysis (network configuration)	255. Allow access only to the necessary ports
PTES-7_3_1_3. Post exploitation - Network infrastructure analysis (DNS servers)	266. Disable insecure functionalities
PTES-7_3_1_5. Post exploitation - Network infrastructure analysis (proxy servers)	258. Filter website content 266. Disable insecure functionalities
PTES-7_3_1_6. Post exploitation - Network infrastructure analysis (ARP entries)	273. Define a fixed security suite 062. Define standard configurations
PTES-7_4_2_3. Post exploitation - Pillaging (database servers)	169. Use parameterized queries 173. Discard unsafe inputs
PTES-7_4_2_7. Post exploitation - Pillaging (certificate authority)	373. Use certificate pinning 089. Limit validity of certificates 090. Use valid certificates 091. Use internally signed certificates 092. Use externally signed certificates 093. Use consistent certificates
PTES-7_4_2_12. Post exploitation - Pillaging (monitoring and management)	378. Use of log management system 080. Prevent log modification
PTES-7_4_4_1. Post Exploitation - Pillaging (user information on system)	145. Protect system cryptographic keys 232. Require equipment identity 266. Disable insecure functionalities 037. Parameters without sensitive data 062. Define standard configurations
PTES-7_4_4_2. Post Exploitation - Pillaging (user information on web browsers)	177. Avoid caching and temporary files 181. Transmit data using secure protocols 032. Avoid session ID leakages
PTES-7_4_5_1. Post Exploitation - Pillaging (system configuration password policy)	133. Passwords with at least 20 characters
PTES-7_4_5_2. Post Exploitation - Pillaging (system configuration - configured wireless networks and keys)	249. Locate access points 251. Change access point IP
PTES-7_7. Post Exploitation - Persistence	145. Protect system cryptographic keys 154. Eliminate backdoors 224. Use secure cryptographic mechanisms 284. Define maximum number of connections 351. Assign unique keys to each device 090. Use valid certificates 093. Use consistent certificates

Last updated

2023/09/18