Institute for Security and Open Methodologies – The Open Source Security Testing Methodology Manual
3.12 3.12.1 3.12.3 Security Assessment
https://www.isecom.org/OSSTMM.3.pdf
This is a methodology to test the operational security of physical locations, human interactions, and all forms of communications such as wireless, wired, analog, and digital.
ISACA – Physical Penetration Testing: The Most Overlooked Aspect of Security
3.12 3.12.1 3.12.3 Security Assessment
https://www.isaca.org/resources/white-papers/2023/physical-penetration-testing
This white paper offers a comprehensive overview of physical penetration testing, an often neglected yet crucial component of cybersecurity.
National Cyber Security Centre – Penetration Testing: Advice on How to Get the Most from Penetration Testing
3.12 3.12.1 3.12.3 Security Assessment
https://www.ncsc.gov.uk/guidance/penetration-testing
This guidance helps with understanding the proper commissioning and use of penetration tests.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
This NIST Special Publication is a guide to the basic technical aspects of conducting information security assessments.
NIST SP 800-18 Rev 1: Guide for Developing Security Plans for Federal Information Systems
3.12 3.12.4 Security Assessment
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf
This NIST Special Publication provides guidance for federal agencies for developing system security plans for federal information systems.
Open Web Application Security Project (OWASP) – Free for Open Source Application Security Tools
3.12 3.12.1 3.12.3 csc18 Security Assessment
https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools
OWASP's mission is to help the world improve the security of its software.
https://owasp.org/www-project-web-security-testing-guide/
This link provides information about one methodology for web application penetration testing.
https://owasp.org/www-project-web-security-testing-guide/v41/6-Appendix/A-Testing_Tools_Resource
This link from OWASP provides a list of web security testing tools.
https://owasp.org/www-project-top-ten/
The OWASP Top 10 is an awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.