modelling, vulnerability analysis, exploitation, post exploitation, and reporting. PTES takes advantage of other
resources: rather than reinventing the wheel, it incorporates other frameworks within it. For example, OWASP is
referenced and recommended for use when testing web applications. PTES attempts to create a baseline for
penetration tests whereby a security practitioner and/or organisation has a reference for what to expect at a
minimum concerning penetration testing requirements.
Metasploit is a suite of penetration testing and intrusion detection tools designed to identify and exploit
vulnerabilities on a target system. Metasploit was originally an open source project developed in 2003 but was
acquired in 2009 by Rapid7, which is now responsible for its development and support (Holik, Horalek, Marik,
Neradova, & Zitta, 2014).
Metasploit, or the Metasploit Framework (MSF), is available in four different versions. MSF is suitable for the
advanced security professional who has a solid understanding of penetration testing and is competent using
command line pentesting tools. In comparison to ISSAF and OSSTMM, MSF is a practical solution that provides a
suite of tools rather than a documented outline of process and methods to follow. MSF could be considered an
application that encompasses a suite of tools that facilitate a penetration test.
In summary, there is a diverse range of methodologies and frameworks available. Each has unique
characteristics and takes a distinct approach to penetration testing. The literature suggests a difference in the way
terminology is applied to each concept; thus, terms are used interchangeably (or incorrectly). For instance, ISSAF
is defined as a framework; however, throughout the documentation it refers to methodology as the primary
approach. MSF, on the other hand, describes itself as a framework whereas it is a software application
encompassing a suite of tools. Clarification on the classification of methodology vs. framework is therefore
essential to avoid confusion.