security assessment activity (either legitimate or not) consists in the information gathering about a specific target. Information gathering, also recognized as footprinting, is the process of collecting all accessible information about that specific target. In a security assessment, the importance of this phase is clamorous and involves the examination, collection and classification of large volumes of data from the target network. The Penetration Testing Execution Standard (PTES), although still in an early and definition stage, provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner. The focus of this article consists in the analysis of the PTES and its recommendations on what concerns footprinting processes and to provide some contributions in terms of the practical applicability of the PTES recommendations.

--

Penetration testing,Pentests,Network vulnerabilities,PTES,Footprinting

• Physical Sciences - Natural Sciences