ISSAF
The Information Systems Security Assessment Framework (ISSAF) is a penetration testing methodology. It offers a set of comprehensive assessment checklists. The methodology is still in its early stages of creation.
The ISSAF methodology consists of three phases:
- Planning and Preparation
- Assessment
- Reporting, Clean-Up and Destruction of Artefacts
Planning and Preparation
The initial Planning and Preparation stage consists of the following activities:
- Identification of contact individuals from both sides
- Opening meeting to confirm the scope, approach, and methodology
- Agreement to specific test cases and escalation paths
Assessment
In the assessment stage, the methodology follows a layered penetration testing approach:
- Information Gathering
- Network Mapping
- Vulnerability Identification
- Penetration
- Gaining Access & Privilege Escalation
- Enumerating Further
- Compromise Remote Users/Sites
- Maintaining Access
- Covering Tracks
