Which of the following frameworks is the tester using?

A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components.

Which of the following frameworks is the tester using?
A . OWASP MASVS
B . OSSTMM
C . MITRE ATT&CK
D . CREST

View Answer

Answer: B

Explanation:

The OSSTMM (Open Source Security Testing Methodology Manual) is a comprehensive framework for security testing that includes 14 components in its life cycle.

Here ’ s why option B is correct: OSSTMM: This methodology breaks down the security testing process into 14 components, covering various aspects of security assessment, from planning to execution and reporting.

OWASP MASVS: This is a framework for mobile application security verification and does not have a 14-component life cycle.

MITRE ATT&CK: This is a knowledge base of adversary tactics and techniques but does not describe a 14-component life cycle.

CREST: This is a certification body for penetration testers and security professionals but does not

provide a specific 14-component framework.

Reference from Pentest:

Anubis HTB: Emphasizes the structured approach of OSSTMM in conducting comprehensive security assessments.

Writeup HTB: Highlights the use of detailed methodologies like OSSTMM to cover all aspects of security testing.

Conclusion:

Option B, OSSTMM, is the framework that breaks the life cycle into 14 components, making it the correct answer.