PTES comprises several phases that cover various aspects of penetration testing:
- Pre-engagement interactions
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- Exploitation
- Post exploitation
- Reporting
Further information on PTES can be found at http://www.penteststandard.org/index.php/Main_Page.
The choice of penetration testing standard or framework is dependent on the type of testing requested by the client, the target's industry (such as HIPAA for the health industry), and even your organization's methodology of penetration testing.
In the following section, we will discuss the importance of the reporting phase.