OSSTMM - Open Source Security Testing Methodology Manual
by Pete Herzog

The Open Source Security Testing Methodology Manual (OSSTMM) is a
peer-reviewed methodology for performing security tests and metrics.
The OSSTMM test cases are divided into five channels (sections) which
collectively test: information and data controls, personnel security
awareness levels, fraud and social engineering control levels,
computer and telecommunications networks, wireless devices, mobile
devices, physical security access controls, security processes, and
physical locations such as buildings, perimeters, and military bases.
The OSSTMM focuses on the technical details of exactly which items
need to be tested, what to do before, during, and after a security
test, and how to measure the results. New tests for international best
practices, laws, regulations, and ethical concerns are regularly added
and updated.

Provided here is the latest public release. To receive OSSTMM
development status, notes, and betas, become part of the team.
Subscribe now to join the ISECOM Gold or Silver Team, or contact us
to tell us how you can help OSSTMM development and earn a place on the
core development team.

To be notified when the OSSTMM 3 is released, please join the ISECOM-NEWS List:

*NEW OSSTMM* April 23rd 2010
OSSTMM 3 Gold Draft available to Gold & Platinum Team
OSSTMM 3 Silver Draft available to Silver Team

DOWNLOAD:
| Name | Description |
|---|---|
| OSSTMM 3 ToC | This is the full Table of Contents from the OSSTMM 3. Here you can get a feeling for how thorough it is and how it's growing with new research. |
| OSSTMM 3 Sampler | A ten page sample from Chapter 2 "What You Need to Do" on how to make a proper security test, controlling test errors, and the rules of engagement anyone who is responsible for security should know. |
| OSSTMM 3 Gold Draft | This is the most current OSSTMM release candidate! It is the best and latest research as it's discovered and written into the OSSTMM. It is the most thorough and cutting edge draft with up-to-date formatting and changes. While this version is always the closest to what this final OSSTMM version will be, some of the research in here may be later deemed more applicable to the next version of the OSSTMM and held back for public peer review at a later date. |
| OSSTMM 3 Silver Draft | This is an adjusted version of the OSSTMM intended for sampling by government legislative departments and spot peer review. While not complete, this version is useful for learning key OSSTMM concepts as well as keeping up with new additions to the OSSTMM which have been accepted for this current version. |

The OSSTMM was awarded InfoWorld's Bossies award, Best of Open Source in Security, for 2007.

