The Information Systems Security Assessment Framework (ISSAF) is a methodology where the penetration tester imitates the hacking steps with some additional phases. It goes through the following phases: 

• Information gathering
• Network mapping
• Vulnerability identification
• Penetration
• Gaining access and privilege escalation
• Enumerating further
• Compromising remote users/sites
• Maintaining access
• Covering the tracks