Penetration Testing Methodologies

In doing the penetration testing there is a methodology needed just as we do any other testing procedure. This methodology is needed to make sure that the process is right and the result of the testing is reliable and could be used in the future development of the tested system as well. There are many different methodologies of this particular testing that can be used by anyone doing this testing. All of the methodologies are issued by different department with different characteristics as well. On this article there would be some of the most common methodologies of testing penetration used by people in doing this testing procedure.

The first methodology in doing penetration testing that is commonly used by people is the USSAF methodology. The ISSAF is the flagship project of the OISSG with the latest version is the version 0.2 that is available for any industry need to do this testing. This methodology is the first one that provides such validation for the bottom up strategies of the security. The next famous methodology of this testing is the OSSTMM which is Open Source Security Testing Methodology Manual. This one is a peer-reviewed security metrics and tests methodology.

There are five channels available on this methodology in conducting the security test to maximize the result including the data & information controls and also security awareness level of the personnel as well. The last one is the Open Web Application Security Project or the OWASP. This is an open-source security application project of the OWASP community. This community provides methodologies, tools, technologies, documentations, and also articles related to the testing of security on a particular system. All of those three are the most commonly used methodologies in conducting the testing of the network or computer security system known as the penetration testing.

Tweet