This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Penetration testing methodologies"
(→Reference) |
(→Open Source Security Testing Methodology Manual (OSSTMM)) |
||
Line 24: | Line 24: | ||
== Open Source Security Testing Methodology Manual (OSSTMM) == | == Open Source Security Testing Methodology Manual (OSSTMM) == | ||
+ | OSSTMM is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. | ||
+ | OSSTMM can be supporting reference of IOS 27001 instead of a hands-on penetration testing guide. | ||
+ | |||
+ | OSSTMM includes the following key sections: | ||
+ | ** Operational Security Metrics | ||
+ | ** Trust Analysis | ||
+ | ** Work Flow. | ||
+ | ** Human Security Testing | ||
+ | ** Physical Security Testing | ||
+ | ** Wireless Security Testing | ||
+ | ** Telecommunications Security Testing | ||
+ | ** Data Networks Security Testing | ||
+ | ** Compliance Regulations | ||
+ | ** Reporting with the STAR (Security Test Audit Report) | ||
== PCI Penetration testing guide == | == PCI Penetration testing guide == |
Revision as of 22:59, 1 April 2016
- 1 Summary
- 2 Penetration Testing Execution Standard (PTES)
- 3 Open Source Security Testing Methodology Manual (OSSTMM)
- 4 PCI Penetration testing guide
- 5 Penetration Testing Framework
- 6 Technical Guide to Information Security Testing and Assessment (NIST800-115)
- 7 Information Systems Security Assessment Framework (ISSAF)
- 8 Reference
Summary
- OWASP testing guide
- PCI Penetration testing guide
- Penetration Testing Execution Standard
- Open Source Security Testing Methodology Manual (“OSSTMM”)
- NIST 800-115
- Penetration Testing Framework
- Information Systems Security Assessment Framework (ISSAF)
Penetration Testing Execution Standard (PTES)
PTES defines penetration testing as 7 phases.
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Instead of simply methodology or process, PTES also provides hands-on technical guidelines for what/how to test, rationale of testing and recommended testing tools and usage.
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Open Source Security Testing Methodology Manual (OSSTMM)
OSSTMM is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. OSSTMM can be supporting reference of IOS 27001 instead of a hands-on penetration testing guide.
OSSTMM includes the following key sections:
- Operational Security Metrics
- Trust Analysis
- Work Flow.
- Human Security Testing
- Physical Security Testing
- Wireless Security Testing
- Telecommunications Security Testing
- Data Networks Security Testing
- Compliance Regulations
- Reporting with the STAR (Security Test Audit Report)
PCI Penetration testing guide
Penetration Testing Framework
Technical Guide to Information Security Testing and Assessment (NIST800-115)
Information Systems Security Assessment Framework (ISSAF)
Reference
- https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
- http://www.pentest-standard.org/index.php/Main_Page
- http://www.isecom.org/research/osstmm.html
- http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
- http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-6_kscarfone-rmetzer_security-testing-assessment.pdf
- http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
- https://www.owasp.org/images/0/04/Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl%2BJohannes_Stroeher.pdf
- http://www.mcafee.com/tw/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf
- https://www.kali.org/
- http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines