ISSAF
The Information Systems Security Assessment Framework (ISSAF, https://sourceforge.net/projects/isstf/) is, for all intents and purposes, a mothballed project that nevertheless provides great information. It can help understand an entire enterprise-grade assessment process, which not only includes pen testing, but also covers incident and change control programs, Security Operations (SecOps) procedures, and the physical security of the environment, for instance. What the ISSAF lacks more current application testing guidance, it makes up for this in providing sample NDAs, contracts, questionnaires, and other useful templates that can help craft the appropriate deliverables.
Of note to us is that the ISSAF covers these discipline areas, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access