Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Multiple methodologies codify pentesting; they overlap but have different emphases. PTES (Penetration Testing Execution Standard) is the most-cited; OSSTMM focuses on operational security testing; NIST 800-115 is the US government's framework. A real engagement combines elements; the methodology is the planning skeleton.
PTES phases: 1. Pre-engagement (RoE, scope, contracts), 2. Intelligence gathering (OSINT), 3. Threat modelling (what's high-value), 4. Vulnerability analysis, 5. Exploitation, 6. Post-exploitation, 7. Reporting. Each has its own deliverables; the report is the only thing the client sees.
Use these three in order. Each builds on the one before.
In one paragraph, name three pentesting methodologies.
Walk me through PTES phases for a web pentest.
Design a custom methodology for cloud-native SaaS pentesting.