
Standard Operating Procedure for Penetration Testing

   

Added on  2023-06-03

Running head: STANDARD OPERATING PROCEDURE FOR PEN TESTING
Standard Operating Procedure for Pen Testing
Name of the Student
Name of the University
Author's note

Table of Contents
1. Introduction
2. Pen Testing Methodologies
3. Best SOP
4. Decision Tree Analysis for Penetration Testing
5. Conclusions
References
Appendix

1. Introduction
The penetration testing process uses automated as well as manual techniques to
simulate an attack that exploits the security of an organisation's network and
information systems (Stefinko, Piskozub and Banakh 2016). This type of simulated
attack is used to look for known as well as unknown vulnerabilities that need to be
addressed in order to secure the network. Carrying out pen testing is important because
vulnerabilities are exploited so that they can be patched, which makes unauthorized
access by hackers or intruders harder in future. Multiple techniques can be used to carry
out a pen test on an organization's network and information systems; some of them are
listed below:
Mobile application penetration testing
Legacy application or client-server architecture based application penetration testing
Device-based penetration testing through workstations, laptops and other devices (smartphones and tablets)
Wireless access point penetration testing
This report discusses the different methodologies that can be used to detect flaws
in the existing architecture and application configuration. In addition, the report
discusses the standard operating procedure for the penetration testing process used to
find vulnerabilities.
2. Pen Testing Methodologies
The following are the main methodologies that are available and used by
professionals:

NIST 800-115
ISSAF (Information Systems Security Assessment Framework)
OWASP penetration testing guide
PCI Penetration testing guide
Penetration Testing Framework
Penetration Testing Execution Standard
OSSTMM (Open Source Security Testing Methodology Manual)
NIST 800-115 is one of the methodologies considered a standard. It provides a
clearly defined security assessment for determining how effectively an entity being
assessed meets specific security requirements, with the aim of a robust organizational
network and information system (Lunne, Powell and Robertson 2014). This methodology
reviews the logs of different services and systems, including authentication server
logs, which may comprise successful / failed authentication attempts.
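The log review described above, sketched as an added example that is not part of the original report: it tallies successful and failed authentication attempts per source address and flags a success that follows a run of failures. The OpenSSH sshd syslog line format, the constructed sample lines, the function name and the threshold of 3 are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the report).
SAMPLE_LOG = """\
Jun  3 10:15:01 host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun  3 10:15:04 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jun  3 10:15:09 host1 sshd[1236]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jun  3 10:15:15 host1 sshd[1238]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jun  3 10:16:00 host1 sshd[1240]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jun  3 10:17:30 host1 sshd[1250]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Jun  3 10:18:00 host1 CRON[1300]: pam_unix(cron:session): session opened for user root
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_auth_log(text, fail_threshold=3):
    """Tally outcomes per source and flag a success that follows at least
    `fail_threshold` consecutive failures from that source (assumed threshold)."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "streak": 0})
    findings = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an sshd authentication event
        s = stats[m["src"]]
        if m["result"] == "Failed":
            s["failed"] += 1
            s["streak"] += 1
        else:
            s["accepted"] += 1
            if s["streak"] >= fail_threshold:
                findings.append((m["src"], m["user"], s["streak"]))
            s["streak"] = 0  # a success ends the current run of failures
    totals = {src: (s["failed"], s["accepted"]) for src, s in stats.items()}
    return totals, findings

if __name__ == "__main__":
    totals, findings = review_auth_log(SAMPLE_LOG)
    for src, (failed, accepted) in totals.items():
        print(f"{src}: {failed} failed, {accepted} accepted")
    for src, user, streak in findings:
        print(f"REVIEW: {src} logged in as {user} after {streak} failures")
```
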
The PTES methodology includes the following stages:
Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
