Read the book CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 44
OSSTMM, PTES, and ISSAF
The Open-Source Security Testing Methodology Manual (OSSTMM) is a methodology for security testing that is maintained by the Institute for Security and Open Methodologies (ISECOM). You can download the OSSTMM document from www.isecom.org/OSSTMM.3.pdf.
The Penetration Testing Execution Standard (PTES) is a methodology for performing penetration tests. PTES breaks the penetration test down into seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. You can learn more about PTES and the technical guidelines for performing a pentest at www.pentest-standard.org/index.php/Main_Page.
The Information Systems Security Assessment Framework (ISSAF) is a methodology that provides technical guidance related to performing a penetration test. There are a number of ISSAF technical documents that discuss a wide range of security assessment categories such as wireless LAN security assessment, Windows security assessments, VPN security assessments, and so on. To see a list of these documents, check out the following URL:
https://sourceforge.net/projects/isstf/files/issaf%20document/issaf0.1
Be sure to understand the general purpose of each of the security testing methodologies mentioned here. Specifically note MITRE ATT&CK, OWASP Top 10, and PTES.