March 06, 2011
The Penetration Testing Execution Standard (PTES) Alpha Released
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
It's finally here! The Penetration Testing Execution Standard mind map has been released to the public. To us, this is a huge 
accomplishment on everyone that participated on creating the alpha release of PTES. A few months ago during ShmooCon, Chris Nickerson got a bunch of us together (about twenty) in a room and talked about how to fix an industry where penetration testing had no definition and was losing it's value. We are actively seeking people in the industry to help fine tune, define, and add teeth to what is already an amazing start to defining what a true penetration test entails.
I'm glad to be apart of this and glad Chris included the people he did. Why this was such an important endeavor to me is being in both the consulting realm and on the corporate side of the house, it was one extreme to another on what was performed in a penetration test. Most provided little to no value and showed a very limited representation of true risk or impact toward to my organization. Penetration tests are a foundation to identify systemic weaknesses within an information security program and should represent how to impact an organization and perform a true breach simulation.
Everyone that participated in the creation of the standard have a wealth of knowledge and experience in this field and are known as some of the industries brightest talents. The PTES right now is in its alpha form, but we are all working hard on maturing it and if you have a way to improve it, pitch in and share.
If your interested in learning more, visit http://www.pentest-standard.org.
A special thanks to the following people (and those who may be missed in here):
* Chris Nickerson, CEO - Lares Consulting.
* Dave Kennedy, Director of Information Security - Diebold.
* Chris John Riley, IT Security Analyst - Raiffeisen Informatik GmbH.
* Eric Smith, Partner - Lares Consulting.
* Iftach Ian Amit, VP Consulting - Security Art.
* Andrew Rabie, Wizard - Avon Products Inc.
* Stefan Friedli, Senior Security Consultant - scip AG.
* Justin Searle, Senior Security Analyst - InGuardians.
* Brandon Knight, Senior Security Engineer - Amazon.
* Chris Gates, Senior Security Consultant - Rapid7.
* Joe McCray, CEO - Strategic Security.
* Carlos Perez, Lead Vulnerability Research Engineer - Tenable Security.
* John Strand, Owner - Black Hills Information Security.
* Steve Tornio, Senior Consultant - Sunera LLC.
* Nick Percoco, Senior Vice President - SpiderLabs at Trustwave.
* Dave Shackelford, Security Consultant, SANS Instructor.
* Val Smith - Attack Research.
* Robin Wood, Senior Security Engineer - RandomStorm.
* Wim Remes, Security Consultant - EY Belgium.
accomplishment on everyone that participated on creating the alpha release of PTES. A few months ago during ShmooCon, Chris Nickerson got a bunch of us together (about twenty) in a room and talked about how to fix an industry where penetration testing had no definition and was losing it's value. We are actively seeking people in the industry to help fine tune, define, and add teeth to what is already an amazing start to defining what a true penetration test entails.
I'm glad to be apart of this and glad Chris included the people he did. Why this was such an important endeavor to me is being in both the consulting realm and on the corporate side of the house, it was one extreme to another on what was performed in a penetration test. Most provided little to no value and showed a very limited representation of true risk or impact toward to my organization. Penetration tests are a foundation to identify systemic weaknesses within an information security program and should represent how to impact an organization and perform a true breach simulation.
Everyone that participated in the creation of the standard have a wealth of knowledge and experience in this field and are known as some of the industries brightest talents. The PTES right now is in its alpha form, but we are all working hard on maturing it and if you have a way to improve it, pitch in and share.
If your interested in learning more, visit http://www.pentest-standard.org.
A special thanks to the following people (and those who may be missed in here):
* Chris Nickerson, CEO - Lares Consulting.
* Dave Kennedy, Director of Information Security - Diebold.
* Chris John Riley, IT Security Analyst - Raiffeisen Informatik GmbH.
* Eric Smith, Partner - Lares Consulting.
* Iftach Ian Amit, VP Consulting - Security Art.
* Andrew Rabie, Wizard - Avon Products Inc.
* Stefan Friedli, Senior Security Consultant - scip AG.
* Justin Searle, Senior Security Analyst - InGuardians.
* Brandon Knight, Senior Security Engineer - Amazon.
* Chris Gates, Senior Security Consultant - Rapid7.
* Joe McCray, CEO - Strategic Security.
* Carlos Perez, Lead Vulnerability Research Engineer - Tenable Security.
* John Strand, Owner - Black Hills Information Security.
* Steve Tornio, Senior Consultant - Sunera LLC.
* Nick Percoco, Senior Vice President - SpiderLabs at Trustwave.
* Dave Shackelford, Security Consultant, SANS Instructor.
* Val Smith - Attack Research.
* Robin Wood, Senior Security Engineer - RandomStorm.
* Wim Remes, Security Consultant - EY Belgium.