Ethical Hacking Report: OSSTMM, PTES, and Internal Testing Analysis

Verified

Added on 2020/02/18

AI Summary

This report provides a comprehensive overview of ethical hacking, focusing on the comparison between two key methodologies: OSSTMM (Open Source Security Testing Methodology Manual) and PTES (Penetration Testing Execution Standard). The report begins with an executive summary, followed by an introduction that highlights the significance of these methodologies in internal testing, operational security, and business testing. It then delves into a detailed comparison of OSSTMM and PTES, outlining their respective strengths, weaknesses, and differences. The report explains the rule of engagement, critical security thinking and true analysis of OSSTMM. PTES is described with its seven phases: intelligence gathering, threat modeling, vulnerability analysis, exploitation and reporting. The report also includes a recommendation section, suggesting improvements for both methodologies. Finally, it concludes by emphasizing the importance of OSSTMM and PTES as essential tools for internal testing and organizational security. The report references several academic sources to support its analysis. Students can find similar resources, including past papers and solved assignments, on Desklib, a platform designed to aid students with AI-based study tools.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: Ethical hacking
Ethical hacking

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Ethical hacking
Executive summary
The report explains the penetration testing tools and methods. OSSTMM and PTES are
the important techniques of the penetration and internal testing. Here, the report shows the
differences between OSSTMM and PTES. It also explains the significance of OSSTMM and
PTES.
2

Ethical hacking
Table of Contents
Executive summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Comparison.................................................................................................................................................4
Recommendation........................................................................................................................................6
Conclusion...................................................................................................................................................6
References...................................................................................................................................................7
3

Ethical hacking
Introduction
The report talks about the internal testing methods OSSTMM and PTES. The report
explains that how OSSTMM and PTES play a significant role in internal testing, operational
security testing, and business testing. It also explains the various penetration testing methods.
Open source security methodology manual and penetration testing execution standard are the
important method of penetration testing. These techniques solve various issues of the system and
analyze and evaluate the data and provide an effective solution.
Comparison
OSSTMM (open source security testing methodology manual) plays a vital role in internal
testing. It is the method and technique to test and analyze the operational security and
precautions of physical unit, individual security testing, workflow, physical security testing,
telecommunication security testing, wireless security analysis, and data network security
assessment and compliance rules and regulations. It is not a risk assessment methodology. It
refers to the collection and analysis of data to produce enough results and outcomes for
providing support to risk decisions. It measures and evaluates the state of operational security
and safety so that decisions can be taken on the behalf of scientific data (Ghazouani, Faris,
Medromi & Sayouti, 2014). It is also called as threat analysis technique. It also measures and
evaluates the progress and development of the security operation of any association. The open
source security testing methodology manual includes the following things.
 Rule of engagement: Rule of engagement is the initial exposure to the OSSTMM. The
rule of engagement includes 50 individual points of marketing and sales approach. The
rules are very specific to permission, contracts. Notification and performing the actual
estimation.
 Critical security thinking: The critical security thinking also plays a major role in
OSSTMM. It is the practice and process of using facts, logic, experience, opinion to
shape the ideas about the security.
 True analysis: It is another new concept of OSSTMM and it analyzes and evaluates the
information security. It secures and maintains trust and assures its flexibility and
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Ethical hacking
integrity. The true analysis concept uses in security testing procedure (Dinis & Serrão,
2014).
PTES: Penetration testing execution standard (PTES) includes the seven phases; they are
intelligence, brainpower gathering, Threat modeling, pre engagement communications and
interactions, vulnerability analysis and examination, exploitation, reporting and post exploitation.
Penetration testing execution standard explains and analyzes the techniques, tools, and methods
of a pre engagement of penetration test (Knowles, Baron & McGarr, 2016). It includes the
important questions which must be answered before a test starts. The penetration testing methods
should not be a stimulating and confrontational. It should identify and analyze the business and
management risk. Instead of a simple process, technique and methodology, the penetration
testing execution standard also provides the recommended testing tools, techniques, and rationale
of testing tools. In this way, it plays a significant role in the internal testing of the management.
It is also known as hackers, white hat and ethical testing method. It provides guidelines and
information to customers related the testing. The penetration testing phases are showing in below
diagram.
(Source: Knowles, Baron & McGarr, 2016)
PTES provides both security and business services to services providers with an ordinary
language and it also provides scope for performing dissemination and penetration. On the other
hand, OSSTMM does not provide information about the business services; it is only the method
of operational security testing. OSSTMM is good for general and common security testing but it
5

Ethical hacking
does not provide a specific and explicit reference of the testing. OSSTMM also includes the
security test audit report and operational security matrix but PTES does not include the
operational security matrix. Now it is assumed that OSSTMM and penetration testing execution
standard methodology play a significant role in the internal testing of management (Allen,
Heriyanto & Ali, 2014).
Recommendation
Open source security testing methodology manual and penetration testing execution
standard methods play a vital role in the internal testing of management. OSSTMM and PTES
should improve the tools and techniques of testing. Open source security testing methodology
should also include the business security testing and PTES should include the operational
security matrix to analyze and identify the data and internal management of the organization. In
this way, these tools and techniques will become more efficient and effective in future.
Conclusion
Now it is concluded that open source security methodology manual and penetration
testing execution standard are the important tools and techniques of operational, business
security matrix and internal testing of the organization. The management should more focus on
these tools and techniques to resolve the problems and issues. Both the techniques should use the
effective key concepts and methodologies for internal testing.
6

Ethical hacking
References
Allen, L., Heriyanto, T., & Ali, S. (2014). Kali Linux–Assuring Security by Penetration Testing.
Packt Publishing Ltd.
Dinis, B., & Serrão, C. (2014). Using PTES and open-source tools as a way to conduct external
footprinting security assessments for intelligence gathering. Journal of Internet
Technology and Secured Transactions (JITST), (3/4), 271-279.
Ghazouani, M., Faris, S., Medromi, H., & Sayouti, A. (2014). Information Security Risk
Assessment--A Practical Approach with a Mathematical Formulation of
Risk. International Journal of Computer Applications, 103(8).
Knowles, W., Baron, A., & McGarr, T. (2016). The simulated security assessment ecosystem:
Does penetration testing need standardisation?. Computers & Security, 62, 296-316.
7