Print Page | Close Window

Open Source Security Testing Methodology Manual

Printed From: One Stop Testing
Category: Types Of Software Testing @ OneStopTesting
Forum Name: Security Testing @ OneStopTesting
Forum Discription: Discuss All that is need to be known about Security Testing, All Security Issues and its Tools.
URL: http://forum.onestoptesting.com/forum_posts.asp?TID=84
Printed Date: 28Dec2024 at 5:48pm


Topic: Open Source Security Testing Methodology Manual
Posted By: Amrita
Subject: Open Source Security Testing Methodology Manual
Date Posted: 17Feb2007 at 9:49am
 


How did the project for an Open Source Security Testing Methodology Manual (OSSTMM) start?

          ISECOM began in January 2001 with the http://www.osstmm.org/ - OSSTMM . Actually, the OSSTMM created ISECOM. The truth is really that I wanted to create a plan on how to test security because I didn't think it was being done right and I wanted to improve it. So I searched the net only to find everyone referring to this proprietary methodology they have that's so great. But I couldn't know because I couldn't see it. I was suspicious that it was true because I had seen the reports of some of the companies that said that they had some great proprietary methodology and there was nothing special about what was essentially vulnerability scanner outputs re-dressed as reports. So once I finished something, I posted it to the web and asked the public to give feedback. I had no idea that I was not the only one in need of such a thing. So here we are, five years later and the OSSTMM is at around four million downloads since its inception - with legislation requiring its use in some countries and some government employees and contractors around the world being required to be http://www.isecom.org/certification_authority.shtml - certified in it just to prove they can really do their jobs. And it's still growing at a fast and shiny pace. We're trying to staff-up to handle this all but that's a problem in itself.





Print Page | Close Window