Friday, December 24, 2010

Open Source Security Testing Methodology Manual - OSSTMM 3 Released

OSSTMM is a methodology for testing and measuring operational information security.


The OSSTMM is developed by the Institute for Security and Open Methodologies - ISECOM, whose co-director is Pete Herzog. Pete’s mission as creator and writer of the OSSTMM - as I understand it - is to bring a more scientific approach to infosec.

In a security test (or penetration test) you don’t want to evaluate the ingeniousness of the tester (whitehat hacker) but rather the security of your information technology infrastructure. You don’t want to deal with biased terms like “risk” but rather measure factual operational security.

Risk is not something to measure but something you decide for yourself.

It’s biased. A tester should not give me a biased view but rather a reproducible and comprehensive view of factual operational security.

I have various systems that run services x, y, z, some of which may or may not have vulnerabilities, and I may or may not have security controls in place. The controls themselves may have limitations (weaknesses or concerns) that reduce their effect. The OSSTMMv3 takes all of these aspects into account.

Whether or not the remaining risk is acceptable for my own business is not something that a penetration tester or consultant could decide for me.

I have not yet read the whole manual in the current version, but there are certainly many points that need further discussion or clarification.

But one thing is sure: the OSSTMM version 3 is the best, most complete, least biased security testing methodology we have today, and since the ISO is apparently considering the OSSTMM for a new ISO standard, this methodology will most probably be here to stay and evolve.
