Framework

OSSTMM

Open Source Security Testing Methodology Manual

OSSTMM is designed to be a comprehensive methodology for security testing and analysis.

OSSTMM is organized around five channels of security (Human, Physical, Wireless, Telecommunications, and Data Networks).

It gives detailed guidelines for how tests should be conducted, taking legal and ethical considerations into account.

It provides a systematic way to measure security posture and analyze results using the RAV (Risk Assessment Values).

NIST 800-115

NIST 800-115 is designed to provide a standardized approach for federal agencies and other organizations to conduct information security assessments.

PTES

PTES is specifically aimed at standardizing the process of penetration testing in seven phases:

  • Pre-engagement Interactions

  • Intelligence Gathering

  • Threat Modeling

  • Vulnerability Analysis

  • Exploitation

  • Post Exploitation

  • Reporting

OWASP

OWASP offers a range of resources, standards, guidelines and tools to help protect web applications from the most common and dangerous attacks.

ISSAF

ISSAF is a comprehensive and standardized approach to all aspects of security assessments, with a focus on detailed methodology and actionable recommendations.
