So You Can Sleep Well: 25 Resources On Penetration Testing

Penetration testing, popularly known as 'pentesting', 'pen testing', or 'security testing', is the art of attacking your own or your client's systems and networks exactly as a hacker would. This helps an ethical hacker identify security glitches, vulnerabilities and exploits. Here are 25 resources to learn more about this method.


Also, learn about the most advanced penetration testing distribution, Kali Linux, here.

General Information

1. SANS Institute Penetration Testing Reading Room

A set of resources on penetration testing trends, written by students as part of their certification requirements.

2. Penetration Testing Directory Project

An independent online directory, which offers direct links for information on penetration testing and related content.

3. Vulnerability Testing Glossary

A comprehensive index of vulnerability and penetration testing terminology published by the University of Oulu, Finland.


4. National Institute of Standards and Technology (NIST)
“Special Document 800-42: Guideline on Network Security Testing”

A US government-issued paper.

5. Information Systems Audit and Control Association (ISACA)
“Network Penetration Testing”

A slide presentation authored by Jack Jones, director of information security at Nationwide.

Web Application


A read on “Web application penetration testing: Best practices”. Provides an overview of the web application penetration testing process.

7. SecurityFocus
Research article on “Five common Web application vulnerabilities”

8. Ethical Hacker Network
Informational article on “How to Break Software”

Blogs And Opinions

9. PaulDotCom Community Blog

A security community blog with a focus on penetration testing and an array of expert industry contributors.

10. Penetration Testing Directory Project Blog

An ongoing study of the security assessment process, industry and related issues, written by professional pen testers.


A blog about security and penetration testing, written by a professional pen tester.

12. Security Second Thoughts

A blog about penetration testing and security research written by an independent security consultant.

White Papers, Podcasts and Other Resources

13. Penetration Testing Mailing List

A mailing list for the discussion of issues and questions about penetration testing and network auditing, hosted by SecurityFocus.

14. CISSP White Papers

An index of security and penetration testing white papers maintained by training experts Logical Security.

15. Seven Deadly Penetration Testing Sins

A list of security testing no-nos published by code analysis providers Matasano Security.

16. PaulDotCom Security Weekly

Videocast of the PaulDotCom audio podcast, which covers a broad array of security and penetration testing issues.

17. Security Training WebCasts

A series of expert videocasts hosted by leading security and testing trainers from SANS Institute.


18. InfoSec Institute

A security training organisation’s blog on practical penetration testing techniques.

19. The Institute for Security and Open Methodologies (ISECOM)

Open Source Security Testing Methodology Manual.

20. Common Criteria Web Application Security Scoring (CCWAPSS)

A comprehensive security scoring method for Web applications.

21. Information Systems Security Assessment Framework (ISSAF)

A security testing methodology published by the Open Information Systems Security Group (OISSG).

22. Penetration Testing Framework

An outline for planning assessments and gathering information relevant to the penetration testing process.

Wireless Penetration Testing

23. SANS Institute

Wireless security training and penetration testing tutorial.

24. PaulDotCom Network Security Projects

Notes from a training course on hacking wireless routers and using them in penetration tests.


A wireless penetration testing framework.

Atithya Amaresh, EFYTIMES News Network
