Skip to main content

PTES

logo

Summary

The Penetration Testing Execution Standard (PTES) is a penetration testing method and a standard that provides a baseline for what is required of a penetration test. Developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. The version used in this section is PTES 1.1, 2014.

Definitions

DefinitionRequirements
2_17_1. Pre-engagement interactions - Emergency contact information338. Implement perfect forward secrecy
3_4_1_4_1. Corporate - Electronic (document metadata)045. Remove metadata when sharing files
3_4_1_5_2. Corporate - Infrastructure assets (email addresses)121. Guarantee uniqueness of emails
3_4_1_5_7. Corporate - Infrastructure assets (application usage)045. Remove metadata when sharing files
3_4_1_5_8. Corporate - Infrastructure assets (defense technologies)266. Disable insecure functionalities
3_6_1_3_2. External footprinting - Active footprinting (banner grabbing)181. Transmit data using secure protocols
3_6_1_3_8. External footprinting - Active footprinting (DNS bruteforce)266. Disable insecure functionalities
3_7_1. Identify protection mechanisms - Network based protections252. Configure key encryption
4_2_1_5. Business asset analysis - Organizational data (technical information)077. Avoid disclosing technical information
4_3_4. Business process analysis - Third party integration262. Verify third-party components
4_5_3. Threat capability analysis - Communication mechanisms147. Use pre-existent mechanisms
206. Configure communication protocols
336. Disable insecure TLS versions
338. Implement perfect forward secrecy
5_2_2_1. Vulnerability analysis - Network vulnerability scanners (port based)154. Eliminate backdoors
250. Manage access points
255. Allow access only to the necessary ports
5_2_2_2. Vulnerability analysis - Network vulnerability scanners (service based)206. Configure communication protocols
255. Allow access only to the necessary ports
5_2_3_1. Vulnerability analysis - Web application scanners (application flaw scanners)029. Cookies with security attributes
077. Avoid disclosing technical information
169. Use parameterized queries
173. Discard unsafe inputs
5_2_3_2. Vulnerability analysis - Web application scanners (directory listing or brute forcing)176. Restrict system objects
237. Ascertain human interaction
266. Disable insecure functionalities
5_2_3_3. Vulnerability analysis - Web application scanners (web server version)262. Verify third-party components
353. Schedule firmware updates
5_3_1. Vulnerability analysis - Metadata045. Remove metadata when sharing files
5_3_2. Vulnerability analysis - Traffic monitoring083. Avoid logging sensitive data
376. Register severity level
5_4_2_3. Vulnerability analysis - Manual validation specific protocol (DNS)266. Disable insecure functionalities
5_4_2_5. Vulnerability analysis - Manual validation specific protocol (mail)115. Filter malicious emails
5_5_3. Vulnerability analysis - Common/default passwords130. Limit password lifespan
132. Passphrases with at least 4 words
133. Passwords with at least 20 characters
139. Set minimum OTP length
142. Change system default credentials
332. Prevent the use of breached passwords
5_5_7. Vulnerability analysis - Disassembly and code analysis158. Use a secure programming language
161. Define secure default options
6_2_1. Exploitation - Countermeasures (anti-virus)266. Disable insecure functionalities
273. Define a fixed security suite
6_2_1_1. Exploitation - Countermeasures (anti-virus encoding)160. Encode system outputs
184. Obfuscate application data
348. Use consistent encoding
6_2_1_3. Exploitation - Countermeasures (anti-virus encrypting)159. Obfuscate code
6_2_3. Exploitation - Countermeasures (data execution prevention)037. Parameters without sensitive data
173. Discard unsafe inputs
266. Disable insecure functionalities
320. Avoid client-side control enforcement
6_2_5. Exploitation - Countermeasures (web application firewall)266. Disable insecure functionalities
273. Define a fixed security suite
6_7. Exploitation - Zero day angle088. Request client certificates
090. Use valid certificates
093. Use consistent certificates
6_7_1_1. Exploitation - Zero day angle (buffer overflows)345. Establish protections against overflows
6_7_4. Exploitation - Zero day angle (traffic analysis)181. Transmit data using secure protocols
6_7_6_1. Exploitation - Proximity access (wifi attacks)252. Configure key encryption
6_7_6_2. Exploitation - Proximity access (attacking the user)248. SSID without dictionary words
249. Locate access points
251. Change access point IP
254. Change SSID name
7_2_1. Post exploitation - Rules of engagement (protect the client)176. Restrict system objects
185. Encrypt sensitive information
300. Mask sensitive data
331. Guarantee legal compliance
7_3_1. Post exploitation - Infrastructure analysis (network configuration)255. Allow access only to the necessary ports
7_3_1_3. Post exploitation - Network infrastructure analysis (DNS servers)266. Disable insecure functionalities
7_3_1_5. Post exploitation - Network infrastructure analysis (proxy servers)258. Filter website content
266. Disable insecure functionalities
7_3_1_6. Post exploitation - Network infrastructure analysis (ARP entries)062. Define standard configurations
273. Define a fixed security suite
7_4_2_3. Post exploitation - Pillaging (database servers)169. Use parameterized queries
173. Discard unsafe inputs
7_4_2_7. Post exploitation - Pillaging (certificate authority)089. Limit validity of certificates
090. Use valid certificates
091. Use internally signed certificates
092. Use externally signed certificates
093. Use consistent certificates
373. Use certificate pinning
7_4_2_12. Post exploitation - Pillaging (monitoring and management)080. Prevent log modification
378. Use of log management system
7_4_4_1. Post Exploitation - Pillaging (user information on system)037. Parameters without sensitive data
062. Define standard configurations
145. Protect system cryptographic keys
232. Require equipment identity
266. Disable insecure functionalities
7_4_4_2. Post Exploitation - Pillaging (user information on web browsers)032. Avoid session ID leakages
177. Avoid caching and temporary files
181. Transmit data using secure protocols
7_4_5_1. Post Exploitation - Pillaging (system configuration password policy)133. Passwords with at least 20 characters
7_4_5_2. Post Exploitation - Pillaging (system configuration - configured wireless networks and keys)249. Locate access points
251. Change access point IP
7_7. Post Exploitation - Persistence090. Use valid certificates
093. Use consistent certificates
145. Protect system cryptographic keys
154. Eliminate backdoors
224. Use secure cryptographic mechanisms
284. Define maximum number of connections
351. Assign unique keys to each device