The Penetration Testing Execution Standard (PTES) is a comprehensive, industry-standard framework designed to guide cybersecurity professionals through a structured, consistent, and high-quality penetration testing process. It covers seven key stages:
The seven stages:
- Pre-engagement Interactions: defining scope, goals, and rules of engagement.
- Intelligence Gathering: collecting information on the target.
- Threat Modeling: identifying potential attackers and attack vectors.
- Vulnerability Analysis: uncovering potential weaknesses.
- Exploitation: attempting to bypass security controls.
- Post-Exploitation: determining the value of compromised machines and maintaining access.
- Reporting: documenting findings, risks, and recommendations.
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) is a threat modeling framework used to assess and prioritize risks.
- Option A (Web application test): Incorrect. While DREAD can be applied in web security, PTES (Penetration Testing Execution Standard) is the better framework for conducting the penetration test itself.
- Option B (Mobile application test): Incorrect. PTES provides guidelines for mobile security testing, whereas DREAD is for threat modeling.
- Option C (Thick client application): Incorrect. Thick clients require specific testing methodologies, not DREAD.
- Option D (Creating a threat model): Correct. DREAD is designed for risk assessment and prioritization, while PTES focuses on penetration testing execution, not threat modeling.

#frameworks