EVALUATION METHODOLOGIES PTES AND ISSAF OF PENETRATION TESTING FRAMEWORKS

Currently, technological developments in the information sector have developed rapidly, so that cyber security is quickly becoming a strategic priority for both government and private organizations in facing various types of cyber attacks. Therefore, penetration testing plays a key role in assessing the security posture of information systems. Selection of the right penetration methodology is critical for effective testing. Penetration testing is one strategy used to mitigate the risk of cyber attacks. In this research analyzes and compares the methodology and framework provided by PTES and ISSAF. Methodology evaluations cover a variety of factors, including methodological depth, effectiveness, coverage, ease of use, and community support. Additionally, this research also explores practical applications, case studies, and real-world implementations of both methodologies to assess their capabilities in identifying and resolving security vulnerabilities. This research details the framework quality assessment of each method using Gab Analysis, Quality Metrics and Evaluation, and Framework Quality Evaluation. The findings from this research are expected to provide valuable insight into the strengths and weaknesses of PTES and ISSAF, assisting cybersecurity professionals and organizations in selecting the most appropriate methodology for their penetration testing needs. This research contributes to the ongoing discussion in the field of cybersecurity and aims to improve overall security practices by guiding in the selection of the most appropriate penetration testing methodology.
.
Keywords: PTES, ISSAF, Penetration Testing, website vulnerability, Reporting, ISO/IEC 25010:2013