List of Penetration Testing Methodologies

This post lists some industry-standard penetration testing methodologies.

  • OWASP Web Security Testing Guide
  • OSSTMM
  • NIST SP 800-115
  • FedRAMP Penetration Test Guidance
  • PCI DSS Information Supplement on Penetration Testing

List of industry-standard penetration testing methodologies

OWASP Web Security Testing Guide

https://owasp.org/www-project-web-security-testing-guide/

Open Source Security Testing Methodology Manual (OSSTMM)

https://www.isecom.org/research.html
The Institute for Security and Open Methodologies (ISECOM) issues the Open Source Security Testing Methodology Manual (OSSTMM).

NIST SP 800-115

https://www.nist.gov/privacy-framework/nist-sp-800-115
NIST Special Publication 800-115.

FedRAMP Penetration Test Guidance

https://www.fedramp.gov/assets/resources/documents/CSP_Penetration_Test_Guidance.pdf
FedRAMP.gov is a product of GSA's Technology Transformation Services.
It includes the document "Penetration Test Guidance" among its online resources.

PCI DSS Information Supplement on Penetration Testing

https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf
As of 2021, the document was last updated in September 2017.

External references

  • "CISSP Study Guide, 9th Edition"; Mike Chapple et al.; 2021
