Osstmm

superman859superman859 Member Posts: 55 ■■□□□□□□□□
Some of my recommended readings while studying for security+ was OSSTMM. While it may not be on the exam, I am interested in reading more about it, but now I'm confused.

OSSTMM is supposed to be an open-source security testing methodology manual, yet when you visit the main site it's only available to paid subscribers. Am I missing something? osstmm.org redirects to isecom.org/osstmm, which allows the ToC and a sampler to be downloaded, but the not the full version...

Thought someone in these forums might know a little more about this.
Degrees: B.S. Computer Science, B.S. Mathematics

Certifications: Network+, Security+

In-Progress: M.S. Computer Science, CEH

Comments

  • erpadminerpadmin Member Posts: 4,165 ■■■■■■■■■■
    Some of my recommended readings while studying for security+ was OSSTMM. While it may not be on the exam, I am interested in reading more about it, but now I'm confused.

    OSSTMM is supposed to be an open-source security testing methodology manual, yet when you visit the main site it's only available to paid subscribers. Am I missing something? osstmm.org redirects to isecom.org/osstmm, which allows the ToC and a sampler to be downloaded, but the not the full version...

    Thought someone in these forums might know a little more about this.

    You may want to post about this in the Information Security forum. OSSTMM would scare already scared folks who'd have one more thing to worry about that they needn't do.

    Might be a good idea to have this moved to InfoSec.
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    I have a printed copy somewhere. I downloaded it off the net and had it printed along with a couple other testing methods. You should be able to download it free. Let me dig around.
    I bring nothing useful to the table...
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    OK after doing a little Googling, I see that OSSTMM 3.0 is only available to the paid subscribers. If you look around however you can find a slightly older version of the manual in pdf format for download. I'm not sure if that violates any copyright laws or whatever, but it is out there. OSSTMM 2.2 is the latest version I've found free. Download at your own risk etc....
    I bring nothing useful to the table...
  • superman859superman859 Member Posts: 55 ■■□□□□□□□□
    OK after doing a little Googling, I see that OSSTMM 3.0 is only available to the paid subscribers. If you look around however you can find a slightly older version of the manual in pdf format for download. I'm not sure if that violates any copyright laws or whatever, but it is out there. OSSTMM 2.2 is the latest version I've found free. Download at your own risk etc....

    Thanks. I found it. I think OSSTMM 3.0 must still be considered "beta" since the main site talks about getting beta copies, development status, etc. for paid subscribers before public release. I guess OSSTMM 3.0 hasn't been "publicly released" yet.

    I did find OSSTMM 2.2 though- quite interesting so far! Seems like a pretty good process.
    Degrees: B.S. Computer Science, B.S. Mathematics

    Certifications: Network+, Security+

    In-Progress: M.S. Computer Science, CEH
  • L0gicB0mb508L0gicB0mb508 Member Posts: 538
    Interesting. I just downloaded now. Hopefully it is a good read!

    It wont be a "good" read, but it does give you an idea of testing methodology.
    I bring nothing useful to the table...
Sign In or Register to comment.