Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Cybrary

Penetration Testing Execution Standard (PTES)

via Cybrary

Overview

There are a lot of tools and training videos out there, some providing great value to your education and betterment as a Security Professional.

If I were to ask you today, what steps does your team take to perform a penetration test or what standard do you follow, what is your response? Would you work to understand the client business, would discussions of a contract happen, what is and is not within scope, would you establish emergency contact information and rules of engagement? After doing all that, what process is you team following to conduct the test? Do you dive right in and start running scans or do you have a methodology you prefer to follow?

If you have little experience in conducting penetration tests or have been doing so for years, this course will help you to feel confident in addressing clients or your business leaders with a sound standard in hand.

Prerequisites

  • Basic technical terminology understanding
  • Basic terminology in association with security testing

In this Penetration Testing Execution Standard (PTES) training, students will learn all the phases of the standard, as well as their application in the business world. Upon completing the course, students will be confident addressing leadership and clients.

What is the Penetration Testing Execution Standard?

Penetration Testing Execution Standard (PTES) is a method for penetration testing. It was established for the purpose of addressing the need for a comprehensive set of standards for penetration testing. The PTES guides information security professionals while also helping inform organizations what can be expected from penetration tests, so that they are able to complete successful projects.

The penetration testing execution standard includes seven phases:

  • Pre-Engagement
  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

The PTES sets a baseline for the minimum requirements of a basic penetration test and multiple advanced scenarios with more comprehensive activities to benefit larger organizations that have a higher level of security needs.

What is Involved in this PTES Course?

In our online course, students will learn PTES, including all seven phases of the standard. The seven phases cover all the elements of penetration testing from the initial communication and analysis of the test, to the gathering information and threat modeling phases, then onto vulnerability analysis, exploitation and post-exploitation, and lastly, reporting.

In this course there are eight modules. The first seven are comprehensive studies of the seven phases and all their components. The last module is an overall summary of the entire course.

Students who take this training should have a basic understanding of technical terminology as well as terminology that is associated with security testing.

The Penetration Testing Execution Standard training course has 13 hours and 9 minutes total clock time. Once finished, students will earn 13 CEU/CPE and they will receive a Certificate of Completion.

Why Learn the Penetration Testing Execution Standard?

One of the biggest benefits of learning PTES is that it provides a methodology that allows penetration testers to evaluate different environments consistently and holistically. Consistency in testing is important for a number of reasons, including:

  • It is less likely that large vulnerabilities will be missed.
  • It helps testers avoid tunnel vision, which can lead testers to focus too much in areas that don’t move the engagement forward.
  • It prevents penetration testers from coming into new environments with any preconceived ideas.
  • It means that testers will provide consistence in every environment.

Besides the professional advantages penetration testers will gain from learning PTES, there are various other benefits as well. Cybersecurity, as a profession, is one of the fastest growing industries. Because cybercrime has become so rampant, the demand for security professionals has also increases by leaps and bounds. Organizations know that it’s no longer enough to take a reactive stance with security threats, they need professionals to proactively perform penetration testing to stop cyber attacks and hacking.

Adding PTES training to a resume will put candidates for cybersecurity jobs ahead of others for interviews, job offers, and career advancements. Hiring managers and IT recruiters look favorably on candidates who have this knowledge.

Students who take the penetration testing execution standard training course put themselves in a position to be an in-demand professional with abundant job opportunities, earning potential, and job security. For individuals who are interested in helping organizations protect their sensitive information, in an exciting and evolving industry that has the potential to be exciting and new every day, all while earning a great salary, this training course is a must.

How is it Best to Learn about the PTES?

The PTES is a comprehensive guide for penetration testers that includes a lot of information. For that reason, it’s essential to have the best instruction and training, from an expert in the field. Cybrary courses are self-paced, convenient, and thorough, and they are taught by professionals who are experienced and knowledgeable in the subject.

If you are interested in learning more about the Penetration Testing Execution Standard, the PTES course is a convenient way to do so. Enrolling in the online training is easy, simply click the Register button at the top right of this screen to begin.

Syllabus

  • Pre-Engagement Interactions
    • What is the Penetration Testing Execution Standard (PTES)?
    • Who and Why?
    • Course Use
    • Pre-Engagement Interactions Overview Part 1
    • Pre-Engagement Interactions Overview Part 2
    • Introduction to Scope Part 1
    • Introduction to Scope Part 2
    • Metrics for Time Estimation Part 1
    • Metrics for Time Estimation Part 2
    • Scoping Meeting Part 1
    • Scoping Meeting Part 2
    • Additional Support Part 1
    • Additional Support Part 2
    • PTES Questionnaires Part 1
    • PTES Questionnaires Part 2
    • Scope Creep
    • Start and End Dates
    • Specify IP Ranges and Domains
    • Dealing With Third Parties
    • Define Acceptable Sociable Engineering Pretexts Part 1
    • Define Acceptable Sociable Engineering Pretexts Part 2
    • DoS Testing
    • Payment Terms Part 1
    • Payment Terms Part 2
    • Goals
    • Establish Lines of Communication Part 1
    • Establishing Lines of Communication Part 2
    • Rules of Engagement Part 1
    • Rules of Engagement Part 2
    • Capabilities and Technology in Place
    • Module 1 Summary
  • Intelligence Gathering
    • Intelligence Gathering Overview
    • General Background Concepts
    • Business Asset Analyst
    • Intelligence Gathering Basics
    • Target Selection
    • OSINT Part 1
    • OSINT Part 2
    • OSINT Part 3
    • Covert Gathering
    • Footprinting: External
    • Footprinting: Internal
    • Identity Protection Mechanisms
    • Module 2 Summary
  • Threat Modeling
    • Threat Modeling Overview
    • General: Modeling Process
    • Business Asset Analysis
    • Business Process Analysis
    • Threat Agent/Community Analysis
    • Threat Capability Analysis
    • Motivation Modeling
    • Finding Relevant News
    • Module 3 Summary
  • Vulnerability Analysis
    • Vulnerability Analysis Overview
    • Vulnerability Testing
    • Active Testing
    • Passive Testing
    • Validation
    • Research
    • Module 4 Summary
  • Exploitation
    • Exploitation Overview
    • Purpose
    • Countermeasures
    • Evasion
    • Precision Strike
    • Customized Exploitation Avenue
    • Zero Day Angle
    • Example Avenues of Attack
    • Overall Objectives
    • Module 5 Summary
  • Post-Exploitation
    • Post-Exploitation Overview
    • Purpose
    • Rules of Engagement: Post-Exploitation
    • Infrastructure Analysis
    • Pillaging Part 1
    • Pillaging Part 2
    • High Value/Profile Targets
    • Data Infiltration
    • Persistence
    • Further Penetration Into Infrastructure
    • Cleanup
    • Module 6 Summary
  • Reporting
    • Reporting Overview
    • Reporting Structure
    • The Executive Summary
    • Technical Support
    • Module 7 Summary
  • Summary
    • Course Summary

Taught by

Robert Smith

Reviews

Start your review of Penetration Testing Execution Standard (PTES)

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.