OSSTMM - Open Source Security Testing Methodology Manual
by Pete Herzog


The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated.

Provided here is the latest public release. To receive OSSTMM development status, notes, and betas, become part of the team. Subscribe now to join the ISECOM Gold or Silver Team or contact us with how you can help OSSTMM development and earn a place on the core development team.
 

To be notified when the OSSTMM 3 is released
please join the ISECOM-NEWS List:

*NEW OSSTMM*

November 11th 2009
OSSTMM 3 RC21 available to Silver Team
OSSTMM 3 RC26 available to Gold Team
 

DOWNLOAD: 
 

Name
OSSTMM.3.Sampler.pdf		20 page sampler from the new OSSTMM 3
OSSTMM_3.0_LITE.pdf
OSSTMM.3.RC26_GOLD_DRAFT.pdf		The latest draft version of the OSSTMM and the most complete.
OSSTMM.3.RC21_SILVER_DRAFT.pdf		The latest beta version of the OSSTMM. Contains the new format and content for usability, all tests fully edited, the full chapter on security analysis, and more!
OSSTMM.en.2.2.pdf

The OSSTMM was  awarded with InfoWorld's Bossies award
Best of Open Source in Security for 2007