  • Essay / The Open Source Security Testing - 1682

    Introduction

    This report explains how the penetration testing process, defined by Weidman (2014) as “simulating real-world attacks to assess the risk associated with potential security breaches” (Weidman, 2014, p. 1), can be carried out using the Open Source Security Testing Methodology Manual (OSSTMM) in combination with the Threat Assessment Model for EPS (TAME). The report describes the two methodologies and how they relate to each other. It studies the phases of OSSTMM and TAME and analyzes the inputs and outputs of the methodologies by examining their correlation, before building on a clear standard operating procedure (SoP).

    PenTesting Discussion

    The Open Source Security Testing Methodology Manual (OSSTMM) was designed as a set of guidelines for performing a comprehensive penetration test. OSSTMM was written as a methodology that security personnel should follow so that their penetration testing has measurable variables, allowing for monitoring and retesting. If a methodology is not followed when performing a penetration test, the test is said to be invalid because there is no way to confirm or test the activities performed during it, which agrees with Herzog (2006): “any security test that does not follow scientific methodology has little or no measurable value” (Herzog, 2006, p.2). The OSSTMM process is divided into six sections, all of which must be examined during a penetration test. Within each of these sections, as in TAME, there are modules that must be followed, and within a module are a number of tasks which, when completed, can form part of an OSSTMM report. The first section of OSSTMM is “Information Security”. This involves collecting information on ...... middle of paper ...... of the OSSTMM methodology.

    The identification report and vulnerability types come from the output of Section C, which provides a list of vulnerabilities along with application/service types sorted by vulnerability.

    Conclusion

    In conclusion, this report reviewed both methodologies, OSSTMM and TAME, and examined how inputs and outputs correlate between the different phases and sections of the two methodologies, and how TAME can be used in conjunction with OSSTMM to form a comprehensive penetration test that will gather all the necessary information about the organization. I think there are strong correlations between OSSTMM and TAME, but the correlations are only visible in the initial phase of TAME, which allows for a methodical approach to collecting the necessary data about the organization, but does not allow for any additional similarities between the two methodologies.