Pentest Methodologies

An overview of available pentest methodologies.

Our pentesters follow specific methodologies for different types of assets.

By default, our pentesters test for industry standard vulnerabilities from:

Open Web Application Security Project (OWASP).
- Includes different “Top 10” lists for web, API, mobile, and cloud systems.
Open Source Security Testing Methodology Manual (OSSTMM) (PDF).
- Used for internal and external networks.

For more information on how we pentest, refer to the detailed pages associated with your asset.

In most cases, the Methodology is fixed, based on the Asset Type you defined earlier. However, if you selected a combined asset type, such as Web + API, you can limit the test to either of the individual methodologies:

Choice of Methodologies

Review the methodology for your asset, from the links shown earlier. Each methodology includes default requirements based on standards such as:

OWASP
OSSTMM

You’re welcome to include additional requirements.

Next, you’ll want to set up and share Test Credentials for your pentesters.

Web Pentest Methodologies

Review pentest objectives for Web Apps.

Mobile Pentest Methodologies

Review methodologies for Mobile Apps.

API Pentest Methodologies

Review methodologies for Web Apps.

External Network Pentests

Review methodologies for External Networks.

Cloud Pentests

Review methodologies for Cloud Configurations.

Internal Network Pentests

Review methodologies for Internal Networks.

Was this page helpful?

Yes No Create an Issue

Last modified November.11.2021