Diarium blog system
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 

List of Penetration Testing Methodologies

This post lists some industry-standard penetration testing methodologies.

  • OWASP Web Security Testing Guide
  • OSSTMM
  • NIST SP 800-115
  • FedRAMP Penetration Test Guidance
  • PCI DSS Information Supplement on Penetration Testing

List of industry-standard penetration testing methodologies

OWASP Web Security Testing Guide

https://owasp.org/www-project-web-security-testing-guide/

Open Source Security Testing Methodology Manual (OSSTMM)

https://www.isecom.org/research.html
The Institute for Security and Open Methodologies (ISECOM) issues the Open Source Security Testing Methodology Manual (OSSTMM).

NIST SP 800-115

https://www.nist.gov/privacy-framework/nist-sp-800-115
NIST Special Publication 800-115.

FedRAMP Penetration Test Guidance

https://www.fedramp.gov/assets/resources/documents/CSP_Penetration_Test_Guidance.pdf
FedRAMP.gov is a product of GSA’s Technology Transformation Services.
It includes the document “Penetration Test Guidance” among its online resources.

PCI DSS Information Supplement on Penetration Testing

https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf
As of 2021, the document was last updated in September 2017.

 

External references

  • “CISSP Study Guide 9th Edition”; Mike Chapple et al.; 2021
pmgallardo

About pmgallardo

I studied Computer Science at University of Salamanca. Since then, I have been working first as developer and then as SAP consultant. This blog is about problems I dealt with when using computers, and more important, the solutions I found. Whenever I am on an issue and suddenly I have a flash that leads me to a solution, I document my discoveries in a post.
