March 1, 2002

Security testing methodology 2.0

Author: JT Smith

Pete Herzog writes: "The Open Source Security Testing Methodology Manual 2.0 has been posted for peer-review at OSSTMM.ORG.

Covered in the 2.0 manual are the following areas:
--Internet Security
--Information Security
--Physical Security
--Communications Security
--Wireless Security
--Social Engineering

This manual is a detailed methodology for standardizing the process of security testing so as to ensure a complete and thorough job. This is a nearly complete re-write of 1.5 from the ground up to assure clarity and practicality. Included are the Risk Assessment Values which provide values and a method for calculating and maintaining specific levels of risk from security breaches and other forms of organizational penetration methods besides Information and IT insecurities. This version also includes many template samples including the information that must appear in a report to bear the Certified OSSTMM Compliance seal.

I do hope everyone involved in the security field from IT professionals to auditors and soldiers to watchdog groups gets involved in the peer-review process to develop this standard."
