This post features penetration testing methodologies.
Keep in mind that penetration testing, or IT security testing, may be considered a subset of quality assurance.
You can read about IT security testing frameworks in this post.
You can read about secure software development frameworks in this post.
List of industry-standard penetration testing methodologies
This post lists some industry-standard penetration testing methodologies.
- OWASP Testing Framework – Penetration Testing Methodologies
- OWASP Web Security Testing Guide
- OSSTMM
- NIST SP 800-115
- FedRAMP Penetration Test Guidance
- PCI DSS Information Supplement on Penetration Testing
OWASP Testing Framework – Penetration Testing Methodologies
OWASP has a section dedicated to penetration testing methodologies within its OWASP Testing Framework.
OWASP Testing Framework – Penetration Testing Methodologies official website
Pen Testing Framework (PTF)
Open Source Security Testing Methodology Manual (OSSTMM)
https://www.isecom.org/research.html
The Institute for Security and Open Methodologies (ISECOM) issues the Open Source Security Testing Methodology Manual (OSSTMM).
NIST SP 800-115
https://www.nist.gov/privacy-framework/nist-sp-800-115
NIST Special Publication 800-115.
FedRAMP Penetration Test Guidance
https://www.fedramp.gov/assets/resources/documents/CSP_Penetration_Test_Guidance.pdf
FedRAMP.gov is a product of GSA’s Technology Transformation Services.
It includes the document “Penetration Test Guidance” among its online resources.
PCI DSS Information Supplement on Penetration Testing
https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf
As of 2021, this document was last updated in September 2017.