LibraryProcess overview
Reference · livelib-process:security-compliance--penetration-testing
penetration-testing overview
Penetration Testing Program - Comprehensive ethical hacking and security assessment framework following OWASP Testing Guide and PTES (Penetration Testing Execution Standard) methodologies. Covers scoping, reconnaissance, vulnerability assessment, exploitation, post-exploitation, reporting, and remediation validation with structured testing phases for web applications, networks, APIs, mobile apps, and cloud infrastructure.
Attributes
displayName
penetration-testing
libraryPath
library/specializations/security-compliance/penetration-testing.js
specialization
security-compliance
references
- OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/
- PTES Technical Guidelines: http://www.pentest-standard.org/index.php/Main_Page
- NIST SP 800-115: https://csrc.nist.gov/publications/detail/sp/800-115/final
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OWASP API Security Top 10: https://owasp.org/www-project-api-security/
- MITRE ATT&CK Framework: https://attack.mitre.org/
example
const result = await orchestrate('security-compliance/penetration-testing', {
  projectName: 'E-Commerce Platform',
  targetScope: {
    webApplications: ['https://app.example.com', 'https://admin.example.com'],
    apis: ['https://api.example.com/v1', 'https://api.example.com/v2'],
    networks: ['10.0.0.0/24'],
    mobileApps: ['com.example.app'],
    cloudInfrastructure: ['AWS Account: 123456789']
  },
  testingType: 'comprehensive', // 'comprehensive' | 'focused' | 'retest'
  methodology: 'OWASP', // 'OWASP' | 'PTES' | 'NIST' | 'Custom'
  approach: 'grey-box', // 'black-box' | 'grey-box' | 'white-box'
  complianceRequirements: ['PCI-DSS', 'SOC2', 'ISO27001', 'HIPAA'],
  testingDuration: '2-weeks',
  authorizedTesters: ['security-team@example.com'],
  retestAfterRemediation: true,
  testingWindow: { start: '2026-02-01', end: '2026-02-14' },
  emergencyContact: 'security-lead@example.com'
});
usesAgents
- pentest-scoping-specialist
- recon-specialist
- manual-tester
- exploitation-specialist
- post-exploitation-specialist
- api-security-tester
- network-pentester
- cloud-security-tester
- social-engineer
- compliance-auditor
- risk-scoring-agent
- remediation-advisor
- pentest-report-writer
- retest-coordinator
usesSkills
- owasp-security-scanner
Outgoing edges
lib_applies_to_domain (1)
- domain:security · Domain · Security
lib_belongs_to_specialization (1)
- specialization:security-compliance · Specialization
lib_implements_workflow (2)
- workflow:code-review · Workflow
- workflow:vulnerability-management · Workflow
uses_agent (2)
- lib-agent:software-architecture--compliance-auditor · LibraryAgent · compliance-auditor
- lib-agent:security-compliance--risk-scoring-agent · LibraryAgent · risk-scoring-agent
uses_skill (1)
- lib-skill:security-compliance--owasp-security-scanner · LibrarySkill · owasp-security-scanner
Incoming edges
None.