Author: Sandeep Jayashankar, Lead Product Security Architect, PayPal.
Penetration testing has become an essential part of digital and information security in most organizations. Much is known about various tools and technical methods used to conduct a well-planned penetration test. But running an effective and successful test requires a certain standard agreed upon and consistently followed by different organizations worldwide. These standards and best practices cover everything related to a penetration test, and the current manuscript attempts to highlight these aspects in brief. The whitepaper touches upon all the significant phases involved in a penetration test, i.e., communication, reasoning, intelligence gathering, threat modeling, vulnerability research, exploitation, and post-exploitation in a concise form. These best practices provide an undisputable value to the final reports in which the entire process is captured in the most relatable format to the specified audience.