Open Source Security Testing Methodology Manual
Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Discription: Discuss All that is need to be known about Security Testing, All Security Issues and its Tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=84
Printed Date: 13Dec2024 at 10:11am
Topic: Open Source Security Testing Methodology Manual
Posted By: Amrita
Subject: Open Source Security Testing Methodology Manual
Date Posted: 17Feb2007 at 9:49am
How did the project for an Open Source Security Testing Methodology Manual (OSSTMM) start?
ISECOM began in January 2001 with the http://www.osstmm.org/ - OSSTMM .
Actually, the OSSTMM created ISECOM. The truth is really that I wanted
to create a plan on how to test security because I didn't think it was
being done right and I wanted to improve it. So I searched the net only
to find everyone referring to this proprietary methodology they have
that's so great. But I couldn't know because I couldn't see it. I was
suspicious that it was true because I had seen the reports of some of
the companies that said that they had some great proprietary
methodology and there was nothing special about what was essentially
vulnerability scanner outputs re-dressed as reports. So once I finished
something, I posted it to the web and asked the public to give
feedback. I had no idea that I was not the only one in need of such a
thing. So here we are, five years later and the OSSTMM is at around
four million downloads since its inception - with legislation requiring
its
use in some countries and some government employees and contractors
around the world being required to be http://www.isecom.org/certification_authority.shtml - certified
in it just to prove they can really do their jobs. And it's still
growing at a fast and shiny pace. We're trying to staff-up to handle
this all but that's a problem in itself.
|
|