PTES

Summary

The Penetration Testing Execution Standard (PTES) is a penetration testing method and a standard that provides a baseline for what is required of a penetration test. Developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. The version used in this section is PTES 1.1, 2014.

Definitions

Definition	Requirements
2_17_1. Pre-engagement interactions - Emergency contact information	338. Implement perfect forward secrecy
3_4_1_4_1. Corporate - Electronic (document metadata)	045. Remove metadata when sharing files
3_4_1_5_2. Corporate - Infrastructure assets (email addresses)	121. Guarantee uniqueness of emails
3_4_1_5_7. Corporate - Infrastructure assets (application usage)	045. Remove metadata when sharing files
3_4_1_5_8. Corporate - Infrastructure assets (defense technologies)	266. Disable insecure functionalities
3_6_1_3_2. External footprinting - Active footprinting (banner grabbing)	181. Transmit data using secure protocols
3_6_1_3_8. External footprinting - Active footprinting (DNS bruteforce)	266. Disable insecure functionalities
3_7_1. Identify protection mechanisms - Network based protections	252. Configure key encryption
4_2_1_5. Business asset analysis - Organizational data (technical information)	077. Avoid disclosing technical information
4_3_4. Business process analysis - Third party integration	262. Verify third-party components
4_5_3. Threat capability analysis - Communication mechanisms	147. Use pre-existent mechanisms 206. Configure communication protocols 336. Disable insecure TLS versions 338. Implement perfect forward secrecy
5_2_2_1. Vulnerability analysis - Network vulnerability scanners (port based)	154. Eliminate backdoors 250. Manage access points 255. Allow access only to the necessary ports
5_2_2_2. Vulnerability analysis - Network vulnerability scanners (service based)	206. Configure communication protocols 255. Allow access only to the necessary ports
5_2_3_1. Vulnerability analysis - Web application scanners (application flaw scanners)	029. Cookies with security attributes 077. Avoid disclosing technical information 169. Use parameterized queries 173. Discard unsafe inputs
5_2_3_2. Vulnerability analysis - Web application scanners (directory listing or brute forcing)	176. Restrict system objects 237. Ascertain human interaction 266. Disable insecure functionalities
5_2_3_3. Vulnerability analysis - Web application scanners (web server version)	262. Verify third-party components 353. Schedule firmware updates
5_3_1. Vulnerability analysis - Metadata	045. Remove metadata when sharing files
5_3_2. Vulnerability analysis - Traffic monitoring	083. Avoid logging sensitive data 376. Register severity level
5_4_2_3. Vulnerability analysis - Manual validation specific protocol (DNS)	266. Disable insecure functionalities
5_4_2_5. Vulnerability analysis - Manual validation specific protocol (mail)	115. Filter malicious emails
5_5_3. Vulnerability analysis - Common/default passwords	130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 142. Change system default credentials 332. Prevent the use of breached passwords
5_5_7. Vulnerability analysis - Disassembly and code analysis	158. Use a secure programming language 161. Define secure default options
6_2_1. Exploitation - Countermeasures (anti-virus)	266. Disable insecure functionalities 273. Define a fixed security suite
6_2_1_1. Exploitation - Countermeasures (anti-virus encoding)	160. Encode system outputs 184. Obfuscate application data 348. Use consistent encoding
6_2_1_3. Exploitation - Countermeasures (anti-virus encrypting)	159. Obfuscate code
6_2_3. Exploitation - Countermeasures (data execution prevention)	037. Parameters without sensitive data 173. Discard unsafe inputs 266. Disable insecure functionalities 320. Avoid client-side control enforcement
6_2_5. Exploitation - Countermeasures (web application firewall)	266. Disable insecure functionalities 273. Define a fixed security suite
6_7. Exploitation - Zero day angle	088. Request client certificates 090. Use valid certificates 093. Use consistent certificates
6_7_1_1. Exploitation - Zero day angle (buffer overflows)	345. Establish protections against overflows
6_7_4. Exploitation - Zero day angle (traffic analysis)	181. Transmit data using secure protocols
6_7_6_1. Exploitation - Proximity access (wifi attacks)	252. Configure key encryption
6_7_6_2. Exploitation - Proximity access (attacking the user)	248. SSID without dictionary words 249. Locate access points 251. Change access point IP 254. Change SSID name
7_2_1. Post exploitation - Rules of engagement (protect the client)	176. Restrict system objects 185. Encrypt sensitive information 300. Mask sensitive data 331. Guarantee legal compliance
7_3_1. Post exploitation - Infrastructure analysis (network configuration)	255. Allow access only to the necessary ports
7_3_1_3. Post exploitation - Network infrastructure analysis (DNS servers)	266. Disable insecure functionalities
7_3_1_5. Post exploitation - Network infrastructure analysis (proxy servers)	258. Filter website content 266. Disable insecure functionalities
7_3_1_6. Post exploitation - Network infrastructure analysis (ARP entries)	062. Define standard configurations 273. Define a fixed security suite
7_4_2_3. Post exploitation - Pillaging (database servers)	169. Use parameterized queries 173. Discard unsafe inputs
7_4_2_7. Post exploitation - Pillaging (certificate authority)	089. Limit validity of certificates 090. Use valid certificates 091. Use internally signed certificates 092. Use externally signed certificates 093. Use consistent certificates 373. Use certificate pinning
7_4_2_12. Post exploitation - Pillaging (monitoring and management)	080. Prevent log modification 378. Use of log management system
7_4_4_1. Post Exploitation - Pillaging (user information on system)	037. Parameters without sensitive data 062. Define standard configurations 145. Protect system cryptographic keys 232. Require equipment identity 266. Disable insecure functionalities
7_4_4_2. Post Exploitation - Pillaging (user information on web browsers)	032. Avoid session ID leakages 177. Avoid caching and temporary files 181. Transmit data using secure protocols
7_4_5_1. Post Exploitation - Pillaging (system configuration password policy)	133. Passwords with at least 20 characters
7_4_5_2. Post Exploitation - Pillaging (system configuration - configured wireless networks and keys)	249. Locate access points 251. Change access point IP
7_7. Post Exploitation - Persistence	090. Use valid certificates 093. Use consistent certificates 145. Protect system cryptographic keys 154. Eliminate backdoors 224. Use secure cryptographic mechanisms 284. Define maximum number of connections 351. Assign unique keys to each device

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

PTES | Compliance | Fluid Attacks Help

PTES

Summary

Definitions