Open Source Security Testing Methodology Manual (OSSTMM)
The Open Source Security Testing Methodology Manual (OSSTMM) is a comprehensive guide to security testing and provides a detailed set of procedures for managing operational security.

  • developed by the Institute for Security and Open Methodologies (ISECOM)
    • ISECOM is an open security resource organization (isecom.org)
  • Open Source Security Testing Methodology Manual (OSSTMM) v3
  • framework that provides a comprehensive and structured approach to security testing
    • considers vulnerability context
  • covers various aspects of security testing:
    • operational security testing
    • physical security testing
    • wireless security testing
  • provides a standardized methodology for conducting security tests and assessing the effectiveness of security controls
  • can help identify vulnerabilities and weaknesses in an organization’s systems, software, and networks
  • helps develop consistent and repeatable testing processes across all systems
  • licensed under Creative Commons and is freely available for everyone
  • sections:
    • Security Analysis
    • Operational Security Metrics
    • Trust Analysis
    • Work Flow
    • Human Security Testing
    • Physical Security Testing
    • Wireless Security Testing
    • Telecommunications Security Testing
    • Data Networks Security Testing
    • Compliance Regulations
    • Reporting with the STAR (Security Test Audit Report)