This post lists some industry-standard penetration testing methodologies.
- OWASP Web Security Testing Guide
- OSSTMM
- NIST SP 800-115
- FedRAMP Penetration Test Guidance
- PCI DSS Information Supplement on Penetration Testing
List of industry-standard penetration testing methodologies
OWASP Web Security Testing Guide
https://owasp.org/www-project-web-security-testing-guide/
Open Source Security Testing Methodology Manual (OSSTMM)
https://www.isecom.org/research.html
The Institute for Security and Open Methodologies (ISECOM) issues the Open Source Security Testing Methodology Manual (OSSTMM).
NIST SP 800-115
https://www.nist.gov/privacy-framework/nist-sp-800-115
NIST Special Publication 800-115.
FedRAMP Penetration Test Guidance
https://www.fedramp.gov/assets/resources/documents/CSP_Penetration_Test_Guidance.pdf
FedRAMP.gov is a product of GSA’s Technology Transformation Services.
It includes the document “Penetration Test Guidance” among its online resources.
PCI DSS Information Supplement on Penetration Testing
https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf
As of 2021, the document was last updated in September 2017.
External references
- “CISSP Study Guide, 9th Edition”; Mike Chapple et al.; 2021