Company management has asked that you compare the OSSTMM and the PTES in order to determine which methodology to select for internal testing. Compare these two methodologies and explain in detail about both.
Solution
Penetration testing has several methodologies; OSSTMM and PTES are among them.
A basic comparison between OSSTMM and PTES is as follows:
Penetration testing methodology
Penetration Testing Execution Standard (PTES): There are 7 phases which are used to define PTES for penetration testing.
1) Pre-engagement Interactions
2) Intelligence Gathering
3) Threat Modeling
4) Vulnerability Analysis
5) Exploitation
6) Post Exploitation
7) Reporting
On the other hand, OSSTMM is used for performing penetration testing and for obtaining security metrics. The OSSTMM provides transparency to those who have inadequate security configurations and policies. The OSSTMM includes the entire risk assessment process, starting from requirement analysis to report creation.
The six areas covered by OSSTMM are:
1) Information security
2) Process security
3) Internet technology security
4) Communications security
5) Wireless security
6) Physical security
| OSSTMM | PTES |
| --- | --- |
| More theoretical | Technology oriented |
| Security assessment methodology | Penetration testing methodology |
| Metrics based | Extended analysis of all stages |
