The National Institute of Standards and Technology Special Publication (NIST-SP-800-115) is the Technical Guide to Information Security Testing and Assessment. The publication is produced by the Information Technology Laboratory (ITL) at NIST.
The guide defines a process and methodology for conducting a security assessment. As you review the guide, you will see that it contains a great deal of information on testing. While the document does not get updated as often as we would like, it is a viable reference when building our own testing methodology. The document consists of the following main chapters:
Introduction
Security testing and examination overview
Review techniques
Target identification and analysis techniques
Target vulnerability validation techniques
Security assessment planning
Security assessment execution
Post-testing activities
As we did with the OSSTMM, we will only look at a small portion of the details of the document. The NIST site has a number...