CREST Practitioner Security Analyst (CPSA) Practice

Which organization is known for developing the Pen Testing Execution Standard?

• A. ISECOM
• B. OWASP
• C. PTES
• D. CPNI

The correct answer is: PTES

The organization known for developing the Pen Testing Execution Standard (PTES) is PTES itself. This standard was created to provide a cohesive framework for penetration testing, outlining best practices and a comprehensive approach to conducting security assessments. PTES focuses on defining the phases and methodologies used in penetration testing, ensuring that professionals in the field have a guideline to follow for consistent and effective security evaluations. PTES includes detailed components like pre-engagement interactions, intelligence gathering, threat modeling, and post-engagement clean-up, which are all essential aspects of a penetration test. Organizations that adhere to PTES benefit from a structured approach, enabling them to meet various compliance and security requirements more effectively. The other organizations listed, while influential in the cybersecurity field, focus on different aspects. ISECOM is known for the OSSTMM (Open Source Security Testing Methodology Manual), which serves as a set of guidelines for security testing but is not specifically limited to penetration testing like PTES. OWASP (the Open Web Application Security Project) is dedicated to improving the security of software and web applications, providing resources like the OWASP Top Ten, rather than focusing solely on penetration testing methodologies. CPNI (Centre for the Protection of National Infrastructure) focuses on protecting critical national infrastructure