Security Testing Methodologies:
- Open Web Application Security Project (OWASP)
- Open Source Security Testing Methodology Manual (OSSTMM)
- International Organization for Standardization (ISO) standard 27002
List of Security Testing Methodologies
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is an open-source application security project that assists organizations in purchasing, developing, and maintaining software tools, software applications, and knowledge-based documentation for Web application security. It provides a set of tools and a knowledge base that help in protecting Web applications and services. It is useful for system architects, developers, vendors, consumers, and security professionals who design, develop, deploy, and test the security of Web applications and Web services.
Open Source Security Testing Methodology Manual (OSSTMM)
OSSTMM is the Open Source Security Testing Methodology Manual, compiled by Pete Herzog. It is a peer-reviewed methodology for performing high-quality security tests, covering data controls, fraud and social engineering control levels, computer networks, wireless devices, mobile devices, physical security access controls, and various security processes. OSSTMM defines a standard set of penetration tests used to derive security metrics. It is considered a de facto standard for the highest level of testing, and it ensures high consistency and remarkable accuracy.
International Organization for Standardization (ISO) standard 27002
ISO 27002 provides guidelines and practices for security controls.
What is the main difference between OSSTMM and OWASP?
OSSTMM addresses controls and OWASP does not.
External References
- CEH v10: Module 1