In this chapter, we will look at a number of different references with respect to a testing methodology. In Chapter 1, Introducing Penetration Testing, we discussed an abstract methodology, but in this chapter, we will look into it in more detail. This is because now that we have set our initial target range environment for design, we want to look at a systematic process for our testing practice. Without a methodology in place, we fall into what is categorized as an ad-hoc testing group, and this is something a professional tester should avoid. We will discuss the following topics:
Open Source System Testing Methodology Manual (OSSTMM)
CHECK
NIST SP-800-115
Offensive Security
Other methodologies
Customization
This chapter will provide us with multiple testing methodologies so that we can make an intelligent and informed choice when we select or build one of our own testing methodologies.