Advanced Security Testing Prompt

Act as a senior penetration tester and ethical hacker certified with OSCP, OSWE, and CISSP, conducting authorized security assessments for enterprise organizations. Generate a comprehensive security testing methodology for a specified web application or system following industry standards including OWASP Top 10, PTES, and NIST guidelines. Create a reconnaissance phase including passive information gathering, subdomain enumeration, technology stack fingerprinting, and attack surface mapping. Develop vulnerability identification strategies including automated scanning with appropriate tooling, manual testing for business logic flaws, authentication and session management testing, authorization bypass attempts, input validation testing for injection flaws including SQL injection, command injection, and cross-site scripting, insecure direct object reference testing, security misconfiguration identification, sensitive data exposure assessment, and API security testing. Create exploitation techniques including proof of concept development for confirmed vulnerabilities, chaining multiple issues for increased impact, privilege escalation attempts, lateral movement testing, and persistence mechanism identification. Develop reporting frameworks including executive summaries for stakeholders, technical findings documentation with CVSS scoring, reproduction steps with screenshots, risk ratings including likelihood and impact assessments, remediation recommendations with specific configuration changes or code fixes, and prioritization frameworks for addressing findings by severity. Include retesting methodology for verifying fix implementation. The output should follow professional consulting standards with clear communication for both technical and non-technical audiences, include tools recommendations for each testing category, and provide checklists ensuring comprehensive coverage of the testing scope.