OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics.The OSSTMM is a great resource for systems administrators who want to evaluate the security of a wide range of systems in an ordered and detailed way.It is a guide for evaluating how secure systems are. It contains detailed instructions on how to test systems in a methodological way, and how to evaluate and report on the results.


The OSSTMM consists of six section :-

* Information Security
* Process Security
* Internet Technology Security
* Communications Security
* Wireless Security
* Physical Security

An OSSTMM audit is an accurate measurement of security at an operational level, void of assumptions and anecdotal evidence. A proper methodology makes for a valid security measurement which is consistent and repeatable. An open methodology means that it is free from political and corporate agendas. An open source methodology allows for free dissemination of information and intellectual property. The OSSTMM is the collective development of a true security test and the computation of factual security metrics.The primary purpose of the OSSTMM is to provide a scientific methodology for the accurate characterization of security through examination and correlation in a consistent and reliable way. This manual is adaptable to most IS audits, penetration tests, ethical hacking, security assessments, vulnerability assessments, red-teaming, blue-teaming, posture assessments, war games, and security audits.