Difference between revisions of "Penetration testing methodologies"

Revision as of 22:47, 1 April 2016

Summary

• OWASP testing guide
• PCI Penetration testing guide
• Penetration Testing Execution Standard
• Open Source Security Testing Methodology Manual (“OSSTMM”)
• NIST 800-115
• Penetration Testing Framework
• Information Systems Security Assessment Framework (ISSAF)

Penetration Testing Execution Standard (PTES)

Open Source Security Testing Methodology Manual (OSSTMM)

PCI Penetration testing guide

Penetration Testing Framework

Technical Guide to Information Security Testing and Assessment (NIST800-115)

Information Systems Security Assessment Framework (ISSAF)

Reference

• https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
• http://www.pentest-standard.org/index.php/Main_Page
• http://www.isecom.org/research/osstmm.html
• http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
• http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-6_kscarfone-rmetzer_security-testing-assessment.pdf
• http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
• https://www.owasp.org/images/0/04/Security_Testing_Guidelines_for_mobile_Apps_-_Florian_Stahl%2BJohannes_Stroeher.pdf
• http://www.mcafee.com/tw/resources/white-papers/foundstone/wp-pen-testing-android-apps.pdf
• https://www.kali.org/