A Brief Note On Penetration Testing Methodology And Application Controls

955 Words Nov 14th, 2016 4 Pages
A penetration testing methodology is a documented guide that tells pen-testers how to complete the pen-testing process successfully. There is a wide range of methodologies and frameworks available. Each has unique characteristics and takes a distinct approach to penetration testing. All factors considered, it is important to apply a methodology that suits each enterprise and institution in order to achieve maximum efficiency.
The following table compares two methodologies:

| Open Source Security Testing Methodology Manual (OSSTMM) | Information Systems Security Assessment Framework (ISSAF) |
| --- | --- |
| OSSTMM, as the name implies, is a free manual used to conduct security testing in a thorough and repeatable manner. This comprehensive document is well known for its consistency, repeatability and high quality in various kinds of security tests. | ISSAF is also an open source methodology, used to evaluate system, network and application controls. The document gives assessments, strategies and checklists to improve information security. It also provides a list of common tools, which is usually a good starting point, with community help available. |
Penetration testing methods are as follows:
1. Information Security Testing includes various tests of issues related to information.
2. Process Security Testing includes a state review, a test of requirements, a test of return requirements, a test of guide proposal, and a test of reliable persons.
3. Internet Technology Security Testing…
