confusion of terms there are many pentesting methodologies/frameworks available. Certain frameworks or
methodologies are free to use, whereas others require some form of membership, payment or contribution,
for example technical input to the framework or methodology. Pentesting methodologies and frameworks
that are widely available include, in particular: Open Source Security Testing Methodology Manual (OSSTMM),
Information Systems Security Assessment Framework (ISSAF), Open Web Application Security Project
(OWASP), Metasploit Framework (MSF), Building Security in Maturity Model (BSIMM), and Penetration
Testing Execution Standard (PTES).
The purpose of this research is to evaluate a selection of currently available pentesting methodologies and
frameworks (see above). We perform a gap analysis to determine if a pentesting framework is actually a
framework, i.e., it has a sound underlying ontology. A subset of these frameworks is evaluated against quality
criteria, which will determine their suitability for real-world applications.