PTES: PenTest Execution Standard

  • I think people may THINK they do all this and not understand how in depth we go without showing them
  • Do we want to go over the sections?
  • PTES: PenTest Execution Standard

    1. Fixing the Industry, one Panel at a Time. Chris Nickerson, Ian Amit, Wim Remes, Stefan Friedli. SOURCE Boston, 22. April 2011. http://www.pentest-standard.org
    2. Agenda: We want to talk about Penetration Tests. And we want to talk about it with you.
    3. Why?
    4. Common Language + Common Standard of Quality. Eliminate Scanner Monkeys ripping you off.
    5. Wait... who are you guys anyway?
    6. Chris Nickerson, Dave Kennedy, Ian Amit, Chris Gates, Val Smith, Stefan Friedli, Eric Smith, Wim Remes, Steve Tornio, Andrew Rabie, Brandon Knight, Chris John Riley, Alex Hutton, Dave Shackleford, HD Moore, Joe McCray, John Strand, Justin Searle, Nick Percoco, Robin Wood, Chris John Riley... And dozens of contributors. You get the idea.
    7. «Old» Pentesting Scope
    8. PTES Methodology
    9. Current State
    10. First, we created this:
    11.
    12. Current phase: Stopped talking, started doing. Writing Progress: 50%
    13.
    14.
    15.
    16.
    17.
    18.
    19.
    20. Initial Reactions
    21. «You have to be kidding me.» «No one does that.» «I can’t do this all by myself» «This is a lot of work.» «Is this going into PCI/ISO/...» «We already do that...»
    22. Roadmap. Now this is the part you come in.
    23. We need Feedback
    24. We need Contributors. Write. Review. Spread the Word. Yes, that also means you – accountants, lawyers, marketing folks, etc...
    25. We need your help to end bad pentesting.
    26. Is that all? Hell NO! Enter the PTES-G (PTES Guide). Basically – the standard explained and illustrated in a practical manner
    27. Say hello to Awesome! (and Rick H.)
    28. We are on www.pentest-standard.org. And the guide at: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
    29. Release: Blackhat 2011. Brace for Impact.
