PTES (Penetration Testing Execution Standard) is the international standard that defines the complete penetration testing process, from planning to reporting. MICAN.ro uses PTES for all penetration tests in Romania.
PTES was developed by the security community to create a common standard in the penetration testing industry. The PTES framework defines 7 mandatory phases: Pre-engagement Interactions, Intelligence Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, Post Exploitation, and Reporting. Each phase has well-defined activities, deliverables, and success criteria, ensuring consistency and quality.
All MICAN.ro penetration tests strictly follow the 7 PTES phases. Pre-engagement: we define scope, timelines, Rules of Engagement, contact points, escalation procedures. Intelligence Gathering: we collect technical and non-technical information about the target. Threat Modeling: we identify threat actors, attack vectors, and business impact. Vulnerability Analysis: we scan and manually validate vulnerabilities. Exploitation: we controllably exploit critical vulnerabilities. Post Exploitation: we simulate lateral movement and data exfiltration. Reporting: we deliver a report according to PTES standard with findings, evidence, severity, and recommendations.
PTES ensures that penetration testing is not just "vulnerability hunting" but a structured process that simulates real attackers. The PTES framework is required by: professional certifications (OSCP, OSCE), compliance standards (ISO 27001, PCI DSS), enterprise B2B contracts. Companies in Romania ordering penetration testing should verify that the tester follows a recognized standard like PTES. MICAN.ro reports based on PTES are accepted by auditors and insurers.