Open Source Security Testing Methodology Manual

Presented at H2K2 (2002), July 14, 2002, 1 p.m. (60 minutes)

The OSSTMM came about as a need for an open, free security testing methodology in response to the numerous security testing companies who claimed to have a secret, internal, and corporate confidential methodology for testing. It was this methodology that they used to differentiate themselves from other testing companies. The problem was that often it didn't exist and the tests turned out to be no more than commercial scanners set loose on a list of systems. The development of the OSSTMM began as a series of logical steps to make a good test and grew into the need to make the most thorough test. This presentation will show the origin of the OSSTMM and the logic behind it, as well as results of reverse-engineering the reports of corporate tests, commercial tools, and commercial presentations.

Presenters:

• Tyler Shields
  Tyler Shields is the director of OSSTMM (Open Source Security Testing Methodology Manual) Knowledge Transfer project and co-founder/lead technical resource for Security Sciences Corporation (www.securitysciences.com). He is heavily involved in penetration testing, information reconnaissance, and developing the OSSTMM Security Testing Certification training courses for the USA. His name is known to many open source security projects and a few old-school hacker groups.

Links:

• http://iv.hope.net/panels.html#osstest
• https://infocon.org/cons/2600/H2K2 (2002)/H2K2 (2002) - Open Source Security Testing Methodology Manual.srt (subtitles)
• https://infocon.org/cons/2600/H2K2 (2002)/H2K2 (2002) - Open Source Security Testing Methodology Manual.mp4
• https://www.youtube.com/watch?v=Sbzyp1ho9VQ

Similar Presentations:

• VB2017 / The (testing) world turned upside down
• AppSec USA 2015 / Blending the Automated and the Manual: Making Application Vulnerability Management Pay Dividends
• DerbyCon 7.0 Legacy (2017) / When to Test, and How to Test It