Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only. T&Cs apply

Find out more

An introduction to the methodologies

Why do we need a methodology in ethical hacking?

Penetration testing is no longer a single hacker’s ad hoc job. In almost all cases it is a formal process that needs to address the business and security needs of the clients while being reproducible, documented and auditable.

Many security companies will have their own specific penetration testing methodologies, depending on the scale, complexity and scope of their projects. Most of them are similar to – or derived from – the methodologies we’ll discuss in this activity. Having a good understanding of the relevant methodologies will give you the basis for planning and conducting a successful penetration test.

We’ll review a number of penetration testing methodologies here. Most of them are generic and could be applied in any project, while others are specific to particular scenarios, such as Web Apps pentesting.

Of course, given that the computing environments, infrastructure and systems of organisations differ, many real pentesting projects will require a methodology which is adapted to the current scope and requirements. It’s important that you understand the rationale and theory behind the pentesting methodologies so that you’re able to extract what is relevant and adapt the parts required for your project.

The methodologies which we’ll discuss in this activity are:

  • Information Systems Security Assessment Framework (ISSAF)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Execution Standard (PTES)
  • Technical Guide to Information Security Testing and Assessment (NIST SP800-115)
  • OWASP Testing Guide

A note about tools

Some of the methodologies we will review discuss the tools to be used in each step. It’s worth noting that the cyber security field is a dynamic one, with new technologies being introduced and new tools being developed regularly. As such, you shouldn’t limit yourself to the tools and techniques suggested by the methodology but use them as a starting point for further research and development.

© Coventry University. CC BY-NC 4.0
This article is from the free online

Ethical Hacking: An Introduction

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now