Ethical Hacking Report: OSSTMM, PTES, and Internal Testing Analysis
VerifiedAdded on 2020/02/18
|7
|1101
|60
Report
AI Summary
This report provides a comprehensive overview of ethical hacking, focusing on the comparison between two key methodologies: OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard). The report begins with an executive summary, follow...
Read More
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: Ethical hacking
Ethical hacking
Ethical hacking
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Ethical hacking
Executive summary
The report explains the penetration testing tools and methods. OSSTMM and PTES are
the important techniques of the penetration and internal testing. Here, the report shows the
differences between OSSTMM and PTES. It also explains the significance of OSSTMM and
PTES.
2
Executive summary
The report explains the penetration testing tools and methods. OSSTMM and PTES are
the important techniques of the penetration and internal testing. Here, the report shows the
differences between OSSTMM and PTES. It also explains the significance of OSSTMM and
PTES.
2
Ethical hacking
Table of Contents
Executive summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Comparison.................................................................................................................................................4
Recommendation........................................................................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................7
3
Table of Contents
Executive summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Comparison.................................................................................................................................................4
Recommendation........................................................................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................7
3
Ethical hacking
Introduction
The report talks about the internal testing methods OSSTMM and PTES. The report
explains that how OSSTMM and PTES play a significant role in internal testing, operational
security testing, and business testing. It also explains the various penetration testing methods.
Open source security methodology manual and penetration testing execution standard are the
important method of penetration testing. These techniques solve various issues of the system and
analyze and evaluate the data and provide an effective solution.
Comparison
OSSTMM (open source security testing methodology manual) plays a vital role in internal
testing. It is the method and technique to test and analyze the operational security and
precautions of physical unit, individual security testing, workflow, physical security testing,
telecommunication security testing, wireless security analysis, and data network security
assessment and compliance rules and regulations. It is not a risk assessment methodology. It
refers to the collection and analysis of data to produce enough results and outcomes for
providing support to risk decisions. It measures and evaluates the state of operational security
and safety so that decisions can be taken on the behalf of scientific data (Ghazouani, Faris,
Medromi & Sayouti, 2014). It is also called as threat analysis technique. It also measures and
evaluates the progress and development of the security operation of any association. The open
source security testing methodology manual includes the following things.
Rule of engagement: Rule of engagement is the initial exposure to the OSSTMM. The
rule of engagement includes 50 individual points of marketing and sales approach. The
rules are very specific to permission, contracts. Notification and performing the actual
estimation.
Critical security thinking: The critical security thinking also plays a major role in
OSSTMM. It is the practice and process of using facts, logic, experience, opinion to
shape the ideas about the security.
True analysis: It is another new concept of OSSTMM and it analyzes and evaluates the
information security. It secures and maintains trust and assures its flexibility and
4
Introduction
The report talks about the internal testing methods OSSTMM and PTES. The report
explains that how OSSTMM and PTES play a significant role in internal testing, operational
security testing, and business testing. It also explains the various penetration testing methods.
Open source security methodology manual and penetration testing execution standard are the
important method of penetration testing. These techniques solve various issues of the system and
analyze and evaluate the data and provide an effective solution.
Comparison
OSSTMM (open source security testing methodology manual) plays a vital role in internal
testing. It is the method and technique to test and analyze the operational security and
precautions of physical unit, individual security testing, workflow, physical security testing,
telecommunication security testing, wireless security analysis, and data network security
assessment and compliance rules and regulations. It is not a risk assessment methodology. It
refers to the collection and analysis of data to produce enough results and outcomes for
providing support to risk decisions. It measures and evaluates the state of operational security
and safety so that decisions can be taken on the behalf of scientific data (Ghazouani, Faris,
Medromi & Sayouti, 2014). It is also called as threat analysis technique. It also measures and
evaluates the progress and development of the security operation of any association. The open
source security testing methodology manual includes the following things.
Rule of engagement: Rule of engagement is the initial exposure to the OSSTMM. The
rule of engagement includes 50 individual points of marketing and sales approach. The
rules are very specific to permission, contracts. Notification and performing the actual
estimation.
Critical security thinking: The critical security thinking also plays a major role in
OSSTMM. It is the practice and process of using facts, logic, experience, opinion to
shape the ideas about the security.
True analysis: It is another new concept of OSSTMM and it analyzes and evaluates the
information security. It secures and maintains trust and assures its flexibility and
4
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Ethical hacking
integrity. The true analysis concept uses in security testing procedure (Dinis & Serrão,
2014).
PTES: Penetration testing execution standard (PTES) includes the seven phases; they are
intelligence, brainpower gathering, Threat modeling, pre engagement communications and
interactions, vulnerability analysis and examination, exploitation, reporting and post exploitation.
Penetration testing execution standard explains and analyzes the techniques, tools, and methods
of a pre engagement of penetration test (Knowles, Baron & McGarr, 2016). It includes the
important questions which must be answered before a test starts. The penetration testing methods
should not be a stimulating and confrontational. It should identify and analyze the business and
management risk. Instead of a simple process, technique and methodology, the penetration
testing execution standard also provides the recommended testing tools, techniques, and rationale
of testing tools. In this way, it plays a significant role in the internal testing of the management.
It is also known as hackers, white hat and ethical testing method. It provides guidelines and
information to customers related the testing. The penetration testing phases are showing in below
diagram.
(Source: Knowles, Baron & McGarr, 2016)
PTES provides both security and business services to services providers with an ordinary
language and it also provides scope for performing dissemination and penetration. On the other
hand, OSSTMM does not provide information about the business services; it is only the method
of operational security testing. OSSTMM is good for general and common security testing but it
5
integrity. The true analysis concept uses in security testing procedure (Dinis & Serrão,
2014).
PTES: Penetration testing execution standard (PTES) includes the seven phases; they are
intelligence, brainpower gathering, Threat modeling, pre engagement communications and
interactions, vulnerability analysis and examination, exploitation, reporting and post exploitation.
Penetration testing execution standard explains and analyzes the techniques, tools, and methods
of a pre engagement of penetration test (Knowles, Baron & McGarr, 2016). It includes the
important questions which must be answered before a test starts. The penetration testing methods
should not be a stimulating and confrontational. It should identify and analyze the business and
management risk. Instead of a simple process, technique and methodology, the penetration
testing execution standard also provides the recommended testing tools, techniques, and rationale
of testing tools. In this way, it plays a significant role in the internal testing of the management.
It is also known as hackers, white hat and ethical testing method. It provides guidelines and
information to customers related the testing. The penetration testing phases are showing in below
diagram.
(Source: Knowles, Baron & McGarr, 2016)
PTES provides both security and business services to services providers with an ordinary
language and it also provides scope for performing dissemination and penetration. On the other
hand, OSSTMM does not provide information about the business services; it is only the method
of operational security testing. OSSTMM is good for general and common security testing but it
5
Ethical hacking
does not provide a specific and explicit reference of the testing. OSSTMM also includes the
security test audit report and operational security matrix but PTES does not include the
operational security matrix. Now it is assumed that OSSTMM and penetration testing execution
standard methodology play a significant role in the internal testing of management (Allen,
Heriyanto & Ali, 2014).
Recommendation
Open source security testing methodology manual and penetration testing execution
standard methods play a vital role in the internal testing of management. OSSTMM and PTES
should improve the tools and techniques of testing. Open source security testing methodology
should also include the business security testing and PTES should include the operational
security matrix to analyze and identify the data and internal management of the organization. In
this way, these tools and techniques will become more efficient and effective in future.
Conclusion
Now it is concluded that open source security methodology manual and penetration
testing execution standard are the important tools and techniques of operational, business
security matrix and internal testing of the organization. The management should more focus on
these tools and techniques to resolve the problems and issues. Both the techniques should use the
effective key concepts and methodologies for internal testing.
6
does not provide a specific and explicit reference of the testing. OSSTMM also includes the
security test audit report and operational security matrix but PTES does not include the
operational security matrix. Now it is assumed that OSSTMM and penetration testing execution
standard methodology play a significant role in the internal testing of management (Allen,
Heriyanto & Ali, 2014).
Recommendation
Open source security testing methodology manual and penetration testing execution
standard methods play a vital role in the internal testing of management. OSSTMM and PTES
should improve the tools and techniques of testing. Open source security testing methodology
should also include the business security testing and PTES should include the operational
security matrix to analyze and identify the data and internal management of the organization. In
this way, these tools and techniques will become more efficient and effective in future.
Conclusion
Now it is concluded that open source security methodology manual and penetration
testing execution standard are the important tools and techniques of operational, business
security matrix and internal testing of the organization. The management should more focus on
these tools and techniques to resolve the problems and issues. Both the techniques should use the
effective key concepts and methodologies for internal testing.
6
Ethical hacking
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux–Assuring Security by Penetration Testing.
Packt Publishing Ltd.
Dinis, B., & Serrão, C. (2014). Using PTES and open-source tools as a way to conduct external
footprinting security assessments for intelligence gathering. Journal of Internet
Technology and Secured Transactions (JITST), (3/4), 271-279.
Ghazouani, M., Faris, S., Medromi, H., & Sayouti, A. (2014). Information Security Risk
Assessment--A Practical Approach with a Mathematical Formulation of
Risk. International Journal of Computer Applications, 103(8).
Knowles, W., Baron, A., & McGarr, T. (2016). The simulated security assessment ecosystem:
Does penetration testing need standardisation?. Computers & Security, 62, 296-316.
7
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux–Assuring Security by Penetration Testing.
Packt Publishing Ltd.
Dinis, B., & Serrão, C. (2014). Using PTES and open-source tools as a way to conduct external
footprinting security assessments for intelligence gathering. Journal of Internet
Technology and Secured Transactions (JITST), (3/4), 271-279.
Ghazouani, M., Faris, S., Medromi, H., & Sayouti, A. (2014). Information Security Risk
Assessment--A Practical Approach with a Mathematical Formulation of
Risk. International Journal of Computer Applications, 103(8).
Knowles, W., Baron, A., & McGarr, T. (2016). The simulated security assessment ecosystem:
Does penetration testing need standardisation?. Computers & Security, 62, 296-316.
7
1 out of 7
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.