What are penetration testing standards?
Asked by Willdon
(36 points)
on Jun 22, 2009
under Internet & Computers
1 answer

arvie (36 points) on Jun 22, 2009

Penetration testing can be carried out by following different standards and schemes. ISACA (Standards for Information System Auditing) was formed in 1967 by a group of professionals that performed auditing controls in systems. ISACA covers information governance, control, security and audits. It issues Certified Information Systems Auditor (CISA) certification to professionals. Its standards are used in penetration testing.

Communications-Electronics Security Group (CESG) was established in 1969. It provides Information Assurance policy, advice and services to civil, military institutions and private organizations. IA ensures that information provided to systems will be protected and handled according to guidelines. It provides the CHECK standard, which is used in penetration testing to find vulnerabilities in systems that affect confidentiality, integrity and availability of information.

Institute for Security and Open Methodologies (ISECOM) was established in 2001. It launched a peer review methodology called Open Source Security Testing Methodology Manual (OSSTMM) to perform security tests and most of this paper deals with this manual.

