Penetration Testing Methodology

One of the most vital factors in conducting a successful pen test is the fundamental methodology. A lack of a formal methodology means no uniformity, and I am sure you don't want to be the one funding a pen test and watching the testers poking around cluelessly.

A methodology defines a set of rules, practices, and procedures that are pursued and implemented during the course of any information-security audit program. A penetration testing methodology defines a roadmap with practical ideas and proven practices that can be followed to assess the true security posture of a network, application, system, or any combination thereof.

While a penetration tester's skills need to be specific for the job, the manner in which it is conducted shouldn't be. That being said, a proper methodology should provide a meticulous framework for conducting a complete and truthful penetration test, but need not be obstructive—it should allow the tester to fully explore their hunches.