Methodologies
Penetration Testing and Red Team Methodologies
What are Methodologies?
These are globally recognised standards for Red and Blue teams. The purpose of having methodologies is to set a standard across every country or company.
The Open Source Security Testing Methodology Manual (OSSTMM) is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. OSSTMM can be a supporting reference of ISO 27001 instead of a hands-on or technical application penetration testing guide. ~ OWASP
The Open Web Application Security Project (OWASP) methodology covers 3 parts: Web Security (WSTG), Mobile Security (MSTG), and Firmware Security. OWASP is most popularly known for its Top 10 ratings of popular web vulnerabilities for each given year. OWASP also creates labs such as DVWA and Juice Shop where you can practice and learn about the Top 10 vulnerabilities and how to exploit them.
The NIST Cyber Security Framework covers the Blue Team methodology of Identify, Protect, Detect, Respond and Recover. NIST sets best practices, guidelines and standards for managing cyber security risks. Additionally, NIST provides free online learning to teach end users how to use the framework and how to implement it in their businesses and lives.
The Penetration Testing Execution Standard (PTES) is the most recent (and arguably the most complete overall) penetration testing methodology to date. It was developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. ~ FutureLearn
Developed by Lockheed Martin, the Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
The seven steps of the Cyber Kill Chain® enhance visibility into an attack and enrich an analyst's understanding of an adversary's tactics, techniques and procedures. ~ Lockheed Martin