
Open Source Security Testing Methodology Manual

Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Description: Discuss all that needs to be known about Security Testing, all security issues and its tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=2716
Printed Date: 25May2024 at 6:20am


Topic: Open Source Security Testing Methodology Manual
Posted By: tanushree
Subject: Open Source Security Testing Methodology Manual
Date Posted: 08Oct2007 at 12:19am

How did the project for an Open Source Security Testing Methodology Manual (OSSTMM) start?

ISECOM began in January 2001 with the OSSTMM. Actually, the OSSTMM created ISECOM. The truth is really that I wanted to create a plan on how to test security because I didn't think it was being done right and I wanted to improve it. So I searched the net only to find everyone referring to this proprietary methodology they have that's so great. But I couldn't know because I couldn't see it.

I was suspicious that it was true because I had seen the reports of some of the companies that said that they had some great proprietary methodology and there was nothing special about what was essentially vulnerability scanner outputs re-dressed as reports. So once I finished something, I posted it to the web and asked the public to give feedback. I had no idea that I was not the only one in need of such a thing. So here we are, five years later, and the OSSTMM is at around four million downloads since its inception - with legislation requiring its use in some countries and some government employees and contractors around the world being required to be certified in it just to prove they can really do their jobs. And it's still growing at a fast and shiny pace. We're trying to staff up to handle this all but that's a problem in itself.


