Assessment methodologies

There is a variety of assessment methodologies related to penetration testing. Examples of some methodologies include the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) for web assessments, the National Institute of Standards and Technology (NIST) Special Publication 800-115 Technical Guide to Information Security Testing and Assessment, and the PTES. The methodology that we will focus on in this book is the PTES because it is a solid resource for new assessors.