Open Source Security Testing Methodology Manual

The Open Source Security Testing Methodology Manual (OSSTMM) was developed and released by the Institute for Security and Open Methodologies (ISECOM) as a guideline on how to improve security testing and implementation.

The OSSTMM is a bit different from the previously-mentioned methodologies and framework, this methodology also tests for organizational, operational, and telecommunication security and compliance.

The following are the domains within the OSSTMM:

•  Operational Security Metrics
•  Trust Analysis
•  Workflow
•  Human Security Testing
•  Physical Security Testing

•  Wireless Security Testing
•  Telecommunications Security Testing
•  Data Networks Security Testing
•  Compliance Regulations
•  Reporting with the STAR (Security Test Audit Report)