Osstmm

Some of my recommended readings while studying for security+ was OSSTMM. While it may not be on the exam, I am interested in reading more about it, but now I'm confused.

OSSTMM is supposed to be an open-source security testing methodology manual, yet when you visit the main site it's only available to paid subscribers. Am I missing something? osstmm.org redirects to isecom.org/osstmm, which allows the ToC and a sampler to be downloaded, but the not the full version...

Thought someone in these forums might know a little more about this.

Find more posts tagged with

Comments

erpadmin

superman859 wrote: »

Some of my recommended readings while studying for security+ was OSSTMM. While it may not be on the exam, I am interested in reading more about it, but now I'm confused.

OSSTMM is supposed to be an open-source security testing methodology manual, yet when you visit the main site it's only available to paid subscribers. Am I missing something? osstmm.org redirects to isecom.org/osstmm, which allows the ToC and a sampler to be downloaded, but the not the full version...

Thought someone in these forums might know a little more about this.

You may want to post about this in the Information Security forum. OSSTMM would scare already scared folks who'd have one more thing to worry about that they needn't do.

Might be a good idea to have this moved to InfoSec.

L0gicB0mb508

I have a printed copy somewhere. I downloaded it off the net and had it printed along with a couple other testing methods. You should be able to download it free. Let me dig around.

L0gicB0mb508

OK after doing a little Googling, I see that OSSTMM 3.0 is only available to the paid subscribers. If you look around however you can find a slightly older version of the manual in pdf format for download. I'm not sure if that violates any copyright laws or whatever, but it is out there. OSSTMM 2.2 is the latest version I've found free. Download at your own risk etc....

superman859

L0gicB0mb508 wrote: »

OK after doing a little Googling, I see that OSSTMM 3.0 is only available to the paid subscribers. If you look around however you can find a slightly older version of the manual in pdf format for download. I'm not sure if that violates any copyright laws or whatever, but it is out there. OSSTMM 2.2 is the latest version I've found free. Download at your own risk etc....

Thanks. I found it. I think OSSTMM 3.0 must still be considered "beta" since the main site talks about getting beta copies, development status, etc. for paid subscribers before public release. I guess OSSTMM 3.0 hasn't been "publicly released" yet.

I did find OSSTMM 2.2 though- quite interesting so far! Seems like a pretty good process.

L0gicB0mb508

Bl8ckr0uter wrote: »

Interesting. I just downloaded now. Hopefully it is a good read!

It wont be a "good" read, but it does give you an idea of testing methodology.