Methodologies & Standards

Cybersecurity methodologies provide key insights into how modern cyberattacks are carried out. As they are becoming more sophisticated, understanding the latest techniques used by attackers is essentials so businesses and organizations can better protect themselves. Our team leverages the top standards available in the industry in order to stay updated with the latest threats organizations are faced with.
OWASP Methodology


Open Web Application Security Project

The OWASP standard is the industry-leading standard for application security, web and mobile alike. This open-source methodology helps organizations around the world strengthen their web application security posture by developing, publishing and promoting security standards. Our team leverages the OWASP standard as a baseline for our security testing methodology in order to identify vulnerabilities unique to each application.



The MITRE ATT&CK Framework is a publicly-available knowledge base of attacks and exploits used by real-world hacking groups. Our cybersecurity assessments are based on this framework in order to measure your cybersecurity risks against known adversary tactics, helping you develop more targeted countermeasures. The MITRE ATT&CK matrix is divided in 12 large categories:
  • 1
    Initial Access
    19 Techniques
  • 2
    16 Techniques
  • 3
    30 Techniques
  • 4
    Privilege Escalation
    59 Techniques
  • 5
    Defense Evasion
    59 Techniques
  • 6
    Credential Access
    26 Techniques
  • 7
    34 Techniques
  • 8
    Lateral Movement
    13 Techniques
  • 9
    35 Techniques
  • 10
    Command and Control
    26 Techniques
  • 11
    12 Techniques
  • 12
    Defense Evasion
    24 Techniques


Open Source Security Testing Methodology

The OSSTMM framework provides a structured methodology to identify vulnerability in corporate networks from various potential angles of attack. We leverage the OSSTMM methodology in order to offer an accurate overview of your network’s cybersecurity, as well as reliable solutions adapted to your technological context.
Learn More →
OSSTMM Penetration Testing Methodology
NIST Methodology


NIST SP 800-115

The NIST SP 800-115, designed by the National Institute of Standards and Technology, provides guidance on how to plan and conduct security testing, analyze our findings and ultimately propose adapted solutions to secure IT systems and applications from various cybersecurity threats. This methodology is broken down into 7 key phases:

  • 1
    Security Testing and Examination Overview
  • 2
    Review Techniques
  • 3
    Target Identification and Analysis Techniques
  • 4
    Target Vulnerability Validation Techniques
  • 5
    Security Assessment Planning
  • 6
    Security Assessment Execution
  • 7
    Post-Testing Activities


Penetration Testing Execution Standard

The PTES methodology helps our specialists structure their penetration testing engagements by providing a clear and concise framework that can be used to plan, execute, and report on the results of their tests. Additionally, the PTES methodology can help ensure that all aspects of a penetration test are covered, from initial reconnaissance to post-exploitation activities:
  • 1
  • 2
    Intelligence Gathering
  • 3
    Threat Modeling
  • 4
    Vulnerability Analysis
  • 5
  • 6
  • 7
PTES Methodology
ISSAF Methodology


The Information Systems Security Assessment Framework

Based on internationally recognized standards, such as ISO/IEC 27001:2013, the ISSAF methodology provides a systematic way for conducting information security assessments. It is used by our experts to help effectively and efficiently plan, execute, and document their findings.

Cybersecurity Standards

Our services leverage the latest standards to better measure your risks and offer practical solutions to your cybersecurity challenges.
CAPEC Standard


Common Attack Pattern Enumeration and Classification


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.