Question

The Company management has asked that you compare the OSSTMM and the PTES to determine which methodology to select for internal testing. Compare these two methodologies and write a report to management. When writing your report, make sure you are writing it as though you are writing it as a report to management, not as though you were answering a homework assignment question.

Answer 1

Answer:

The basic comaprism of OSSTMN and PTES includes the following: OSSTMN is more theoretical, security assessment methodology, and Metrics based why PTES is technology oriented, penetration testing methodology ,  extended analysis of all stages

Explanation:

Solution

Penetration testing has several methodologies which include :OSSTMM and PTES  

The comparison between OSSTMM and PTES is stated as follows:

OSSTMM:                                                

Security assessment methodology

More Theoretical  

Metrics based

PTES :

Technology oriented

Penetration testing methodology

Extended analysis of all stages

Now,

There are 7 stages which is used to define PTES for penetration testing.(Penetration Testing Execution Standard)

• Pre-engagement Interactions

• Intelligence Gathering

• Threat Modeling

• Vulnerability Analysis

• Exploitation

• Post Exploitation

• Reporting

Now,

The OSSTMM is used to obtain security metrics and performing penetration testing .The OSSTMM provides transparency to those who have inadequate security policies and configurations.

The OSSTMM includes the entire risk assessment process starting from requirement analysis to report creation.

Six areas are covered by OSSTMM which are:

• Information security

• Process security

• Internet technology security

• Communications security

• Wireless security

• Physical security