When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
A. OWASP is for web applications and OSSTMM does not include web applications.
B. OSSTMM is gray box testing and OWASP is black box testing.
C. OWASP addresses controls and OSSTMM does not.
D. OSSTMM addresses controls and OWASP does not.

EC-Council Certified Ethical Hacker v11


4 thoughts on “When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is”

  1. it’s c:
    OSSTMM 3 – The Open Source Security Testing Methodology Manual
    Purpose
    The primary purpose of this manual is to provide a scientific methodology for the accurate
    characterization of operational security (OpSec) through examination and correlation of test results in a
    consistent and reliable way. This manual is adaptable to almost any audit type, including penetration
    tests, ethical hacking, security assessments, vulnerability assessments, red-teaming, blue-teaming, and so
    forth. It is written as a security research document and is designed for factual security verification and
    presentation of metrics on a professional level.
    A secondary purpose is to provide guidelines which, when followed correctly, will allow the analyst to
    perform a certified OSSTMM audit. These guidelines exist to assure the following:
    1. The test was conducted thoroughly.
    2. The test included all necessary channels.
    3. The posture for the test complied with the law.
    4. The results are measurable in a quantifiable way.
    5. The results are consistent and repeatable.
    6. The results contain only facts as derived from the tests themselves.
    An indirect benefit of this manual is that it can act as a central reference in all security tests regardless of
    the size of the organization, technology, or protection.

  2. The EC Council actually states “he updated guide of OWASP provides over 66 controls to identify and assess vulnerabilities with numerous functionalities found in the latest applications today.”
    https://blog.eccouncil.org/5-penetration-testing-methodologies-and-standards-for-better-roi/

    Therefore ‘D’ is incorrect.

    ‘A’ is also incorrect, as OSSTMM does include web applications within its scope; however, it doesn’t have as specific controls as OWASP. Both methodologies can be applied to black and grey box testing, therefore ‘B’ is also incorrect.

    The correct answer is ‘C’.

  3. Answer is A. OWASP is for WEB applications and OSSTMM does NOT include web applications.
    Go Google it. Why is it that there’s more than 10 dubious answers?
    Who’s providing the authoritative answers so students do NOT get confused or misled.
    What standard is VCE providing?
