Hands-On Web Penetration Testing with Metasploit

Open Source Security Testing Methodology Manual (OSSTMM)

The official website, at https://www.isecom.org/OSSTMM.3.pdf, defines the OSSTMM as follows:

It is a peer-reviewed manual of security testing and analysis that results in verified facts. These facts provide actionable information that can measurably improve your operational security.

Using the OSSTMM, an audit will provide a precise estimation of security at an operational level that clears out assumptions and unreliable evidence. It is used for thorough security testing and is designed to be consistent and repeatable. As an open source project, it is open to contributions from all security testers, encouraging increasingly accurate, actionable, and productive security tests.

OSSTMM includes the following key sections:

  • Operational security metrics
  • Trust analysis
  • Human security testing
  • Physical security testing
  • Wireless security testing
  • Telecommunications security testing
  • Data network security testing
  • Compliance regulations
  • Reporting with the Security Test Audit Report (STAR)