# Methodologies

## What are Methodologies?

Methodologies are globally recognised standards for Red and Blue teams. Their purpose is to set a common standard that applies across every country and company.

### [OSSTMM](/general-security/methodologies/osstmm.md)

> The Open Source Security Testing Methodology Manual (OSSTMM) is a methodology to test the operational security of physical locations, workflow, human security testing, physical security testing, wireless security testing, telecommunication security testing, data networks security testing and compliance. OSSTMM can be supporting reference of ISO 27001 instead of a hands-on or technical application penetration testing guide. *\~* [*OWASP*](https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies#open-source-security-testing-methodology-manual)

### [OWASP](/general-security/methodologies/owasp.md)

The Open Web Application Security Project methodology covers 3 parts: Web Security (WSTG), Mobile Security (MSTG), and Firmware Security. OWASP is best known for the OWASP Top 10, which ranks popular web vulnerabilities for each given year. OWASP also creates labs such as DVWA and Juice Shop where you can practise and learn about the Top 10 vulnerabilities and how to exploit them.

### [NIST](/general-security/methodologies/nist.md)

The NIST Cyber Security Framework covers the Blue Team methodology of Identify, Protect, Detect, Respond and Recover. NIST sets standards, guidelines and best practices for managing cyber security risks. Additionally, NIST provides [free online learning](https://www.nist.gov/cyberframework/online-learning) to teach end users how to use the framework and how to implement it in their businesses and lives.

### [PTES](/general-security/methodologies/ptes.md)

> The Penetration Testing Execution Standard (PTES) is the most recent (and arguably the most complete overall) penetration testing methodology to date. It was developed by a team of information security practitioners with the aim of addressing the need for a complete and up-to-date standard in penetration testing. \~ [FutureLearn](https://www.futurelearn.com/info/courses/ethical-hacking-an-introduction/0/steps/71523)

### [Cyber Killchain](/general-security/methodologies/cyber-killchain.md)

> Developed by Lockheed Martin, the Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
>
> The seven steps of the Cyber Kill Chain® enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques and procedures. \~ [*Lockheed Martin*](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)

