The Penetration Testing Execution Standard Documentation
معرفی کتاب «The Penetration Testing Execution Standard Documentation» نوشتهٔ coll. و Coll.، منتشرشده توسط نشر 2022 در سال 2022. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
The Penetration Testing Execution Standard High Level Organization of the Standard Pre-engagement Interactions Overview Introduction to Scope Metrics for Time Estimation Scoping Meeting Additional Support Based on Hourly Rate Questionnaires General Questions Scope Creep Specify Start and End Dates Specify IP Ranges and Domains Dealing with Third Parties Define Acceptable Social Engineering Pretexts DoS Testing Payment Terms Goals Establish Lines of Communication Emergency Contact Information Rules of Engagement Capabilities and Technology in Place Intelligence Gathering General Intelligence Gathering Target Selection OSINT Covert Gathering Footprinting Identify Protection Mechanisms Threat Modeling General Business Asset Analysis Business Process Analysis Threat Agents/Community Analysis Threat Capability Analysis Motivation Modeling Finding relevant news of comparable Organizations being compromised Vulnerability Analysis Testing Active Passive Validation Research Exploitation Purpose Countermeasures Evasion Precision Strike Customized Exploitation Avenue Tailored Exploits Zero-Day Angle Example Avenues of Attack Overall Objective Post Exploitation Purpose Rules of Engagement Infrastructure Analysis Pillaging High Value/Profile Targets Data Exfiltration Persistence Further Penetration Into Infrastructure Cleanup Reporting Overview Report Structure The Executive Summary Technical Report PTES Technical Guidelines Tools Required Intelligence Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting Custom tools developed Appendix FAQ Q: What is this “Penetration Testing Execution Standard”? Q: Who is involved with this standard? Q: So is this a closed group or can I join in? Q: Is this going to be a formal standard? Q: Is the standard going to include all possible pentest scenarios? Q: Is this effort going to standardize the reporting as well? Q: Who is the intended audience for this standard/project? Q: Is there a mindmap version of the original sections? Media Indices and tables
دانلود کتاب The Penetration Testing Execution Standard Documentation