cyber-security-resources/methodology/README.md
Omar Santos 0a222faa90
Update README.md
Suggesting some of the edits based on my previous comments
2024-02-02 18:52:42 -05:00

52 lines
4.0 KiB
Markdown

# Penetration Testing Methodologies
Ensuring a comprehensive approach to penetration testing is essential for effective cybersecurity. The following guidelines outline our strategy and methodologies for achieving consistent and reliable results, adhering to established standards in the field.
## Overview
Ethical hacking (including penetration testing, red teaming, and bug bounty hunting) involves a systematic and organized strategy to evaluate the security posture of networks and systems. This approach mitigates the risk of haphazard results and provides a structured framework for addressing potential vulnerabilities.
## Methodologies and Standards
Understanding and implementing major documented methodologies and standards are crucial elements of our approach. This empowers us to formulate strategies that leverage established practices, enhancing accountability and defensibility in our results.
### Common Penetration Testing Methodologies
Several widely recognized methodologies and standards guide our penetration testing efforts:
**1. [OWASP Web Security Testing Guide (WSTG)](https://owasp.org/www-project-web-security-testing-guide/):**
- Comprehensive guide focused on web application testing.
- Covers high-level phases and specific testing methods for various vulnerabilities.
**2. [NIST SP 800-115](https://csrc.nist.gov/publications/detail/sp/800-115/final):**
- Guidelines from the National Institute of Standards and Technology for planning and conducting information security testing.
**3. [Open Source Security Testing Methodology Manual (OSSTMM)](https://www.isecom.org/):**
- Document by the Institute for Security and Open Methodologies (ISECOM) outlining repeatable and consistent security testing.
**4. [Penetration Testing Execution Standard (PTES)](http://www.pentest-standard.org/):**
- Involves seven distinct phases, including pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.
**Note**: [MITRE ATT&CK Framework](https://attack.mitre.org/) is not a penetration testing methodology; rather, it is a comprehensive matrix and knowledge base of adversary tactics and techniques observed from real-world attacks. Despite this distinction, it provides significant value to ethical hackers, including penetration testers, red teamers, and bug bounty hunters. By leveraging the detailed insights into adversary behaviors and strategies documented within MITRE ATT&CK, you can better understand potential attack vectors, refine your testing strategies, and anticipate the tactics that adversaries may use. This, in turn, enables pentesters and ethical hackers to identify vulnerabilities more effectively, enhance their defensive strategies, and ultimately strengthen the security posture of the organizations they protect.
Understanding and implementing these methodologies ensures a robust and effective approach to penetration testing, enhancing the security posture of the systems and networks under evaluation.
### Testing Environments
Penetration testing methodologies often categorize tests based on the level of information provided to the tester. Common testing environments include:
**1. Unknown-Environment Test:**
- Limited information provided (e.g., domain names and IP addresses).
- Mimics an external attacker's perspective, starting with minimal knowledge.
- Enhances realism by withholding information from network support personnel.
**2. Known-Environment Test:**
- Tester possesses significant information about the organization and its infrastructure.
- Includes network diagrams, IP addresses, configurations, user credentials, and source code if applicable.
- Aims to identify security vulnerabilities within a broader scope.
**3. Partially Known Environment Test:**
- A hybrid approach between unknown- and known-environment tests.
- Testers may be provided credentials but not full documentation of the network infrastructure.
- Allows testing from an external attacker's perspective while retaining some internal insights.