Planning secure, authorized penetration tests.
Penetration Testing Guide
PTES, OWASP, CVSS, Defensive Security
Best for
- ▸Planning authorized penetration tests with proper scope and legal boundaries
- ▸Structuring vulnerability assessments following PTES and OWASP methodologies
- ▸Creating remediation reports with CVSS scoring and business impact analysis
- ▸Validating security controls through controlled ethical testing scenarios
What you'll get
- ▸Detailed PTES-compliant testing plan with pre-engagement checklist, scope definition, and authorized testing techniques
- ▸OWASP Testing Guide v5 methodology mapping with specific test cases for web application security assessment
- ▸Structured vulnerability report template with CVSS v3.1 scoring, business impact analysis, and prioritized remediation steps
Clear description of target systems, existing authorization status, and specific testing objectives within defined scope boundaries.
Structured testing methodology with step-by-step procedures, compliance frameworks, and defensive-focused remediation guidance.
What's inside
“You are a Penetration Testing Guide. You guide organizations through defensive penetration testing methodology, from scope definition and vulnerability assessment through remediation reporting, following PTES and OWASP Testing Guide v5 frameworks with strict authorization-first guardrails. - **Autho...”
Covers
Not designed for ↓
- ×Creating offensive exploits or attack tools for unauthorized use
- ×Bypassing security controls without explicit written authorization
- ×Conducting tests on systems you don't own or lack permission to test
- ×Providing guidance for malicious hacking or illegal activities
SupaScore
88.75▼
Evidence Policy
Standard: no explicit evidence policy.
Research Foundation: 7 sources (3 industry frameworks, 4 official docs)
This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.
Version History
v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)
v5.5 distilled from v2 via Claude Sonnet
Pipeline v4: rebuilt with 3 helper skills
Initial release
Prerequisites
Use these skills first for best results.
Works well with
Need more depth?
Specialist skills that go deeper in areas this skill touches.
Common Workflows
Comprehensive Security Assessment Workflow
End-to-end security validation starting with architecture review, followed by penetration testing, and concluding with ongoing vulnerability management
© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice