FedRAMP – Penetration Test Guidance 3.12 3.12.1 3.12.3 Security Assessment
The document provides guidelines regarding planning and conducting penetration testing and analyzing and reporting on the findings.
SEARCH RESULTS
Institute for Security and Open Methodologies – The Open Source Security Testing Methodology Manual 3.12 3.12.1 3.12.3 Security Assessment
This is a methodology to test the operational security of physical locations, human interactions, and all forms of communications such as wireless, wired, analog, and digital.
ISACA Journal – Planning for Information Security Testing – A Practical Approach 3.12 3.12.1 3.12.3 Security Assessment
This article describes the steps involved with planning a security test of your network.
National Cyber Security Centre – Penetration Testing: Advice on How to Get the Most from Penetration Testing 3.12 3.12.1 3.12.3 Security Assessment
This guidance helps with understanding the proper commissioning and use of penetration tests.
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment 3.11 3.11.1 3.11.2 3.11.3 3.12 3.12.1 3.12.3 Risk Assessment Security Assessment
This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments.
Open Web Application Security Project (OWASP) – Free for Open Source Application Security Tools 3.12 3.12.1 3.12.3 csc18 Security Assessment
OWASP's mission is to help the world improve the security of its software.
Open Web Application Security Project (OWASP) – Testing Guide v4 3.12 3.12.1 3.12.3 Security Assessment
This link provides information about one methodology for web application penetration testing
Open Web Application Security Project (OWASP) – Testing Tools 3.12 3.12.1 3.12.3 csc18 Security Assessment
This link from OWASP provides a list of web security testing tools.
Open Web Application Security Project (OWASP) Top 10 3.12 3.12.1 3.12.3 Security Assessment
The OWASP Top 10 is an awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
PCI Data Security Standard – Penetration Testing Guidance 3.12 3.12.1 3.12.3 Security Assessment
This guidance is intended for entities that are required to conduct a penetration test.