The Open-Source Security Testing Methodology Manual (OSSTMM)
The OSSTMM was created through a peer review process that produced cases that test five sections:
- Information and data controls
- Personnel security awareness levels
- Fraud and social engineering levels
- Computer and telecommunication networks, wireless devices, and mobile devices
- Physical security access control, security process, and physical locations
The OSSTMM measures the technical details of each of these areas and provides guidance on what to do before, during, and after a security assessment.
Penetration Testing Execution Standard (PTES)
The new kid on the block is definitely the PTES, which is a new standard aimed at providing a common language for all penetration testers and security assessment professionals to follow. PTES provides a client with a baseline of their own security posture, so they are in a better position to make sense of penetration testing findings. PTES is designed as a minimum that needs to be completed as part of a comprehensive penetration test. The standard contains many different levels of services that should be part of advanced penetration tests.