Best Practice References
Our assessment is based on the following frameworks and standards:
- Open Web Application Security Project (OWASP) includes a "best practice" penetration testing framework that users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing the most common web application, web service and mobile security issues.
- SANS Institute Critical Security Controls, a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results.
- Center for Internet Security (CIS) Benchmarks provide well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security. This program is recognized as a trusted, independent authority that facilitates the collaboration of public and private industry experts to achieve consensus on practical and actionable solutions.
- Open Source Security Testing Methodology Manual (OSSTMM) covers security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics required to define and build the best possible security over Physical, Data Network, Wireless, Telecommunications, and Human channels.
- The Information System Security Assessment Framework (ISSAF) is a peer-reviewed, structured framework that categorizes information system security assessment into various domains and details specific evaluation or testing criteria for each of these domains. It aims to provide field inputs on security assessment that reflect real-life scenarios.