OSSTMM vs PTES: Penetration Testing Methods

Verified

Added on 2020/02/18

AI Summary

This assignment delves into a comparative analysis of two prominent penetration testing methodologies: Open Source Security Testing Methodology Manual (OSSTMM) and Penetration Testing Execution Standard (PTES). It outlines the phases, principles, and applications of each methodology, highlighting their strengths and limitations in operational security testing. The report concludes with recommendations for improving these tools and techniques to enhance internal management security within organizations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: Ethical hacking
Ethical hacking

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Ethical hacking
Executive summary
The report explains the penetration testing tools and methods. OSSTMM and PTES are
the important techniques of the penetration and internal testing. Here, the report shows the
differences between OSSTMM and PTES. It also explains the significance of OSSTMM and
PTES.
2

Ethical hacking
Table of Contents
Executive summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Comparison.................................................................................................................................................4
Recommendation........................................................................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................7
3

Ethical hacking
Introduction
The report talks about the internal testing methods OSSTMM and PTES. The report
explains that how OSSTMM and PTES play a significant role in internal testing, operational
security testing, and business testing. It also explains the various penetration testing methods.
Open source security methodology manual and penetration testing execution standard are the
important method of penetration testing. These techniques solve various issues of the system and
analyze and evaluate the data and provide an effective solution.
Comparison
OSSTMM (open source security testing methodology manual) plays a vital role in internal
testing. It is the method and technique to test and analyze the operational security and
precautions of physical unit, individual security testing, workflow, physical security testing,
telecommunication security testing, wireless security analysis, and data network security
assessment and compliance rules and regulations. It is not a risk assessment methodology. It
refers to the collection and analysis of data to produce enough results and outcomes for
providing support to risk decisions. It measures and evaluates the state of operational security
and safety so that decisions can be taken on the behalf of scientific data (Ghazouani, Faris,
Medromi & Sayouti, 2014). It is also called as threat analysis technique. It also measures and
evaluates the progress and development of the security operation of any association. The open
source security testing methodology manual includes the following things.
 Rule of engagement: Rule of engagement is the initial exposure to the OSSTMM. The
rule of engagement includes 50 individual points of marketing and sales approach. The
rules are very specific to permission, contracts. Notification and performing the actual
estimation.
 Critical security thinking: The critical security thinking also plays a major role in
OSSTMM. It is the practice and process of using facts, logic, experience, opinion to
shape the ideas about the security.
 True analysis: It is another new concept of OSSTMM and it analyzes and evaluates the
information security. It secures and maintains trust and assures its flexibility and
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Ethical hacking
integrity. The true analysis concept uses in security testing procedure (Dinis & Serrão,
2014).
PTES: Penetration testing execution standard (PTES) includes the seven phases; they are
intelligence, brainpower gathering, Threat modeling, pre engagement communications and
interactions, vulnerability analysis and examination, exploitation, reporting and post exploitation.
Penetration testing execution standard explains and analyzes the techniques, tools, and methods
of a pre engagement of penetration test (Knowles, Baron & McGarr, 2016). It includes the
important questions which must be answered before a test starts. The penetration testing methods
should not be a stimulating and confrontational. It should identify and analyze the business and
management risk. Instead of a simple process, technique and methodology, the penetration
testing execution standard also provides the recommended testing tools, techniques, and rationale
of testing tools. In this way, it plays a significant role in the internal testing of the management.
It is also known as hackers, white hat and ethical testing method. It provides guidelines and
information to customers related the testing. The penetration testing phases are showing in below
diagram.
(Source: Knowles, Baron & McGarr, 2016)
PTES provides both security and business services to services providers with an ordinary
language and it also provides scope for performing dissemination and penetration. On the other
hand, OSSTMM does not provide information about the business services; it is only the method
of operational security testing. OSSTMM is good for general and common security testing but it
5

Ethical hacking
does not provide a specific and explicit reference of the testing. OSSTMM also includes the
security test audit report and operational security matrix but PTES does not include the
operational security matrix. Now it is assumed that OSSTMM and penetration testing execution
standard methodology play a significant role in the internal testing of management (Allen,
Heriyanto & Ali, 2014).
Recommendation
Open source security testing methodology manual and penetration testing execution
standard methods play a vital role in the internal testing of management. OSSTMM and PTES
should improve the tools and techniques of testing. Open source security testing methodology
should also include the business security testing and PTES should include the operational
security matrix to analyze and identify the data and internal management of the organization. In
this way, these tools and techniques will become more efficient and effective in future.
Conclusion
Now it is concluded that open source security methodology manual and penetration
testing execution standard are the important tools and techniques of operational, business
security matrix and internal testing of the organization. The management should more focus on
these tools and techniques to resolve the problems and issues. Both the techniques should use the
effective key concepts and methodologies for internal testing.
6

Ethical hacking
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux–Assuring Security by Penetration Testing.
Packt Publishing Ltd.
Dinis, B., & Serrão, C. (2014). Using PTES and open-source tools as a way to conduct external
footprinting security assessments for intelligence gathering. Journal of Internet
Technology and Secured Transactions (JITST), (3/4), 271-279.
Ghazouani, M., Faris, S., Medromi, H., & Sayouti, A. (2014). Information Security Risk
Assessment--A Practical Approach with a Mathematical Formulation of
Risk. International Journal of Computer Applications, 103(8).
Knowles, W., Baron, A., & McGarr, T. (2016). The simulated security assessment ecosystem:
Does penetration testing need standardisation?. Computers & Security, 62, 296-316.
7

1 out of 7

+13062052269

info@desklib.com

OSSTMM vs PTES: Penetration Testing Methods

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Assignment - Penetration Testing

What is penetration testing? | What is pen testing?

Standard Operating Procedure for Penetration Testing

Penetration Testing

Penetration Testing

SOP for Penetration Testing