NIST defines penetration testing as security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability. (Source)
This article describes the steps involved with planning a security test of your network. This guidance helps with understanding the proper commissioning and use of penetration tests. This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments. The OWASP Top 10 is an awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. This guidance is intended for entities that are required to conduct a penetration test. This is a link to avaliable SANS penetration testing courses. This whitepaper discusses how to properly define, verify, and control the scope of your security assessment.
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3. The document provides guidelines regarding planning and conducting penetration testing and analyzing and reporting on the findings. This is a methodology to test the operational security of physical locations, human interactions, and all forms of communications such as wireless, wired, analog, and digital. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. OWASP's mission is to help the world improve the security of its software. This link provides information about one methodology for web application penetration testing This link from OWASP provides a list of web security testing tools. The penetration testing execution standard covers all aspects of conducting a penetration test.