Open Source Security Testing Methodology Manual (OSSTMM)


The Open Source Security Testing Methodology Manual (OSSTMM) was released by Pete Herzog and is distributed by the Institute for Security and Open Methodologies (ISECOM). This free document focuses on improving the quality of enterprise security as well as the methodology and strategy of testers.

Rather than making security testing a black art of mystery, this very comprehensive document aims for repeatability, consistency, and high quality in various kinds of security tests. The OSSTMM is written so that organizations and the testers they hire get the maximum business value from their routines and activities. Earlier versions of the OSSTMM are offered for free. The latest version and drafts of new updates are accessible to Silver subscribing members. Gold subscribers get those items as well, plus extra research, mailing lists, and contacts for business inquiries and concerns.

Download the latest OSSTMM version here.

The overall document is very extensive, covering various kinds of security tests. Although it does not go into depth on specific commands and tools, it is still profoundly valuable.

Topics tackled in the OSSTMM include the competitive intelligence review (conducting reconnaissance against the target enterprise), Internet security analysis (finding open ports and vulnerabilities in Internet-accessible systems), and communications security (addressing vulnerabilities commonly found in PBXs, modems, and fax machines). The methodology also includes modules for examining wireless security (particularly wireless LANs) and physical security.

One particularly valuable aspect of the OSSTMM is its thorough discussion of scoping a project in advance, as well as the report templates that it includes. The OSSTMM has fill-in-the-blank templates for practically every kind of test it describes.

Open Source Security Testing Methodology Manual (OSSTMM)
– It was written by Pete Herzog and is distributed by the Institute for Security and Open Methodologies (ISECOM).
– It emphasizes getting business value.
– It gives a helpful broad description of the categories of testing and includes step-by-step process descriptions, but it does not go deep into particular penetration testing tools and commands.
– The OSSTMM covers Competitive Intelligence Review, Internet Security (port scanning, firewalls, etc.), Communication Security, Physical Security, Wireless Security, etc.
– It includes numerous information-gathering templates.

