Penetration Testing Methodology
A penetration testing methodology is the organisation and execution of an assessment – in basic terms, it is the process of testing. Methodologies exist to identify security vulnerabilities. Vulnerabilities can be present on many different platforms, so different assessment types exist to assess the different environments. Assessments range from security audits, dynamic analysis, web application assessment, infrastructure assessment and cloud assessment to many more.
There are several methodologies used for penetration testing. Here are the Top 3:
OSSTMM – Open Source Security Testing Methodology Manual
OSSTMM is a recognised testing methodology, peer-reviewed by ISECOM (the Institute for Security and Open Methodologies), which provides many different resources to the security industry.
OWASP – Open Web Application Security Project
OWASP is an open-source non-profit organisation focused on web application security, with thousands of members working to secure the web.
NIST – National Institute of Standards and Technology
NIST provides frameworks and information intended to enhance economic security and improve quality of life, focused on perseverance, integrity, inclusivity and excellence.
Our Six-Step Penetration Testing Methodology
This methodology is cyclical: the results of the penetration testing assessment, presented to the client and provided as a report, feed back into the scope of additional tests. As security is a process rather than a solution, this methodology is designed to work alongside that ongoing process.
The 6 steps are broad categories and can generally be applied to multiple types of infrastructure assessment, regardless of whether it is internal, external or some other combination.