OSSTMM (Open Source Security Testing Methodology Manual) :
OSSTMM (pronounced "awstem") is a peer-reviewed methodology for performing security tests and producing security metrics. Its test cases are divided into six sections :
- Information Security
- Process Security
- Internet Technology Security
- Communications Security
- Wireless Security
- Physical Security
This standard is widely preferred because it produces fewer false positives and more accurate results. It also ensures that the whole penetration testing process is carried out efficiently and reliably, without disrupting any of the parties involved.
It follows a process of four connected phases, namely the definition phase, the information phase, the regulatory phase, and the controls test phase. Each phase obtains, assesses, and verifies information about the target environment.
Information Systems Security Assessment Framework (ISSAF)
The ISSAF is another open source security auditing framework. The ISSAF framework is divided into two categories of security : Management and Technical.
The management part addresses the best management practices to be followed alongside the security testing process, whereas the technical part focuses on the core set of rules and processes to be followed in order to assess security.
The assessment process chooses the shortest path to reach the test deadline by analyzing its target against critical vulnerabilities that could be exploited. It also focuses on integrating the framework into a regular business cycle.
However, ISSAF is still in its initial stages and, in normal practice, is used alongside the OSSTMM methodology.