Can I use this for cloud-based applications on AWS or Azure?

Yes, it includes specific steps for verifying cloud provider policies and submitting required authorization requests for AWS, Azure, and GCP.

What testing standards does this checklist support?

The checklist is designed to align with major industry standards including PTES (Penetration Testing Execution Standard), OWASP, and NIST.

Is this suitable for both internal and external pentests?

Yes, the methodology accounts for various test types including external, internal, web application, social engineering, and red team simulations.

Does this skill help with post-test activities?

Absolutely. It provides a dedicated remediation phase that covers prioritizing findings, implementing fixes, cleanup procedures, and scheduling retests.

Pentest Checklist & Security Planner

Name: Pentest Checklist & Security Planner
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Provides a comprehensive, phased methodology for planning, executing, and remediating professional security penetration tests.

This skill acts as a specialized consultant for cybersecurity engagements, offering a structured framework to navigate the complexities of penetration testing. It guides users through critical phases including scope definition, environment preparation, tester selection, and post-engagement remediation. By integrating industry standards like OWASP and PTES, it ensures that security assessments are thorough, legally compliant with cloud provider policies, and aligned with business objectives to effectively mitigate digital risks.

Key Features

01Comprehensive 5-phase workflow from scoping to remediation

02Environment preparation guides for production, staging, and cloud environments

03Compliance mapping for GDPR, PCI-DSS, HIPAA, and provider policies

04Detailed monitoring and logging setup for real-time threat detection

05Criteria for evaluating pentesting expertise and certification standards

061 GitHub stars

Use Cases

01Creating a structured remediation plan to track and verify fixes for discovered vulnerabilities

02Setting up security monitoring and logging to distinguish pentest activity from real threats

03Defining the technical scope and boundaries for an upcoming third-party security audit

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro pentest-checklist

For use in Claude.ai and ChatGPT

Download Skill