Methodologies & Standards
OWASP
Open Web Application Security Project
The OWASP standard is the industry-leading standard for application security, for web and mobile applications alike. This open-source methodology helps organizations around the world strengthen their web application security posture by developing, publishing and promoting security standards. Our team uses the OWASP standard as the baseline for our security testing methodology in order to identify the vulnerabilities unique to each application, including:
- Injection flaws
- Security misconfiguration
- Insecure Direct Object Reference
- Cross-site request forgery
- Authentication & session management
- Cross Site Scripting (XSS)
- Sensitive data exposure
- Unvalidated redirects and forwards
- Components with vulnerabilities
- Missing function-level access control
MITRE
MITRE ATT&CK FRAMEWORK
1. Initial Access (19 Techniques)
2. Execution (16 Techniques)
3. Persistence (30 Techniques)
4. Privilege Escalation (59 Techniques)
5. Defense Evasion (59 Techniques)
6. Credential Access (26 Techniques)
7. Discovery (34 Techniques)
8. Lateral Movement (13 Techniques)
9. Collection (35 Techniques)
10. Command and Control (26 Techniques)
11. Exfiltration (12 Techniques)
12. Defense Evasion (24 Techniques)
OSSTMM
Open Source Security Testing Methodology
The OSSTMM framework provides a structured methodology for identifying vulnerabilities in corporate networks from various potential angles of attack. We use the OSSTMM methodology to offer an accurate overview of your network's cybersecurity, together with reliable solutions adapted to your technological context.
NIST
NIST SP 800-115
NIST SP 800-115, published by the National Institute of Standards and Technology, provides guidance on how to plan and conduct security testing, analyze the findings and ultimately propose adapted solutions to secure IT systems and applications against various cybersecurity threats. This methodology is broken down into 7 key phases:
1. Security Testing and Examination Overview
2. Review Techniques
3. Target Identification and Analysis Techniques
4. Target Vulnerability Validation Techniques
5. Security Assessment Planning
6. Security Assessment Execution
7. Post-Testing Activities
PTES
Penetration Testing Execution Standard
1. Pre-Engagement
2. Intelligence Gathering
3. Threat Modeling
4. Vulnerability Analysis
5. Exploitation
6. Post-Exploitation
7. Reporting
ISSAF
The Information Systems Security Assessment Framework
Cybersecurity Standards
CVE
Common Vulnerabilities and Exposures
CVSS
Common Vulnerability Scoring System
CPE
Common Platform Enumeration
OVAL
Open Vulnerability and Assessment Language
CAPEC
Common Attack Pattern Enumeration and Classification
CWE
Common Weakness Enumeration
CWSS
Common Weakness Scoring System
NVD
National Vulnerability Database