Abstract
This chapter deals with the theoretical aspects of how to conduct a penetration test. Understanding the theory behind the methodology improves the chances of successfully completing a penetration test project. The chapter describes three different methodologies, and their application in penetration testing. The Project Management Body of Knowledge (PMBOK) is useful in conducting any project but is written at a high level, and probably, the least of the three methodologies geared toward penetration testing specifically. The PMBOK breaks out the project life cycle into five different groups: Initiating Processes, Planning Processes, Executing Processes, Closing Processes, and Monitoring and Controlling Processes. Supported by the Open Information Systems Security Group (OISSG), the ISSAF is a peer-reviewed process that provides in-depth information about how to conduct a penetration test. One of the advantages of the Information System Security Assessment Framework (ISSAF) is that it creates a distinct connection between tasks within a penetration test and PenTest tools. The Open Source Security Testing Methodology Manual (OSSTMM) provides a methodology to perform penetration tests, it is foremost an auditing methodology that can satisfy regulatory and industry requirements when used against corporate assets. There are four different “channels” that can benefit from penetration testing: physical security, wireless communications, telecommunications, and data networks. There are four phases within any penetration test: Regulatory, Definitions, Information, and Interactive Controls Test. The OSSTMM does not suggest any tools to be used in a penetration test—it is assumed the engineer will have the necessary knowledge to satisfy the module requirements.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.