How we work

Testing and audit methodology

OWASP WSTG, PTES, OSSTMM, TIBER-EU, NIST CSF and ISO 27005. International standards instead of guesswork.

Frameworks and standards

Which methodologies we use

OWASP WSTG (Web Security Testing Guide)

International standard for web application security testing. Covers reconnaissance, authentication, authorisation, business logic and data transmission testing.

PTES (Penetration Testing Execution Standard)

Seven-phase penetration testing framework. From information gathering and threat modelling, through execution, to report and remediation support.

OSSTMM (Open Source Security Testing Methodology Manual)

Operational security testing methodology. Covers physical security, sociological security and network security testing.

TIBER-EU (Threat Intelligence-Based Ethical Red Team)

European standard for financial red teaming. Combines penetration testing with threat intelligence and indicators of compromise.

NIST CSF (Cybersecurity Framework)

NIST framework for measuring and improving cybersecurity. Five functions: Identify, Protect, Detect, Respond, Recover.

ISO 27005 Risk Assessment

Risk assessment methodology aligned with ISO 27001. Asset identification, threat and vulnerability assessment, impact evaluation and control implementation.

Penetration testing process

Six phases from understanding to report

  1. Information gathering

     Understanding architecture, asset mapping, public information about the organisation, mapping potential attack paths.

  2. Threat modelling

     STRIDE/PASTA analysis, identification of attack scenarios, prioritisation of tests.

  3. Execution

     Vulnerability scanning, exploitation, authentication testing, source code analysis, post-exploitation.

  4. Analysis and verification

     Confirming each vulnerability, assessing business impact, classifying risk level.

  5. Reporting

     Documenting findings in an understandable format, remediation guidance, implementation effort estimates.

  6. Remediation support

     Post-fix reviews, retesting, supporting technical teams in implementing fixes.

Want to know more?

We'll explain in detail how the methodology will be applied to your systems.