Pentesting standards

There have been many efforts to create a penetration testing standard that is both comprehensive and applicable to all situations, but so far we do not know of any truly successful outcome that could claim to be an industry standard.

The reason is simple, yet complicated: each penetration test is a new piece of research that cannot be covered by a fixed set of predefined actions. Such a set is either too shallow to provide any real value or too rigid, like an audit, which removes the freedom of research. It may provide some value, but it definitely does not give a view from an attacker's perspective.

Although we do not recommend sticking to any of the existing "penetration testing standards", it is helpful to become familiar with the documents (methodologies) listed here to understand the popular approaches:

  • PTES: PTES is an acronym for Penetration Testing Execution Standard (http://www.pentest-standard.org). It is developed and maintained by a group of security practitioners and aims not only to systematize technical approaches to penetration testing, but also to help pentesters and their customers speak "the same language" at the various project phases, including presales.

    The standard was initiated in 2009 and is not finished yet; it still requires contributions from the professional penetration testing community. In spite of that, the standard can already be used for work and definitely gives a good workflow overview for beginners.

  • OWASP Testing Guide (https://www.owasp.org/index.php/OWASP_Testing_Project): This is a well-known web application security assessment guide that is maintained by many specialists worldwide and is available free of charge. The guide not only describes the workflow of a typical web application pentest, but also provides basic technical information on how to actually do it. This is definitely a must-read document for any web application penetration tester.
  • Penetration Testing Framework (http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html): This is not claimed to be a standard, but it could be called one because it shows a systematic approach to penetration testing along with some hints and tools that can be used at various stages. Anyone can participate in developing this framework by sending suggestions to the author, Kevin Orrey, at the e-mail address mentioned on the website.

Note

If you take a training course such as OSCP or ECSA, you also get other views on the penetration testing and security assessment approach and workflow.
