In this chapter, we will look at a number of different references with respect to a testing methodology. In Chapter 1, Introducing Penetration Testing, we discussed an abstract methodology, but in this chapter, we will look into it in more detail. This is because now that we have set our initial target range environment for design, we want to look at a systematic process for our testing practice. Without a methodology in place, we fall into what is categorized as an ad hoc testing group, and this is something a professional tester should avoid; furthermore, without a plan in place we cannot cover a number of possible situations that can occur, such as scope creep and underestimating the task at hand. We will discuss the following topics:
Open Source System Testing Methodology Manual (OSSTMM)
CHECK
NIST SP-800-115
Offensive security
Other methodologies
Customization
This chapter will provide us with multiple testing methodologies so that we can make an intelligent...