What pentesting methodology should you go with?

Thexssrat
4 min read · Aug 26, 2022

002.1 Pentesting methodologies

What is it?

When you’ve been testing for a while, you’ll start to see patterns emerge. Some testers have better quality standards than others, and some have totally different ways of testing. To make this more uniform and deliver a better end product for our customers, we can rely on a standardized methodology: a unified way of testing. But how do we define that with so many different technologies and requirements out there? That is where methodologies come into play. They are a set of unified guidelines that can help you perform your pentests better and give the client a better level of coverage.

Why use a methodology

Of course, everyone can hack, but the complete process (including documentation) can get quite complex. We want to always deliver the same quality, but we can only do that if we follow roughly the same guidelines for every type of test. You might find it funny that only 5 big methodologies exist at the moment, given the number of different types of pentesting we can do, but these methodologies go very deep and cover every aspect of the pentest. Some are more specialized and aim at a niche market, while others are more general.
