Methodologies & Standards

Cybersecurity methodologies provide key insights into how modern cyberattacks are carried out. As attacks become more sophisticated, understanding the latest techniques used by attackers is essential so that businesses and organizations can better protect themselves. Our team leverages the top standards available in the industry in order to stay updated with the latest threats organizations face.

OWASP

Open Web Application Security Project

The OWASP standard is the industry-leading standard for application security, web and mobile alike. This open-source methodology helps organizations around the world strengthen their web application security posture by developing, publishing and promoting security standards. Our team leverages the OWASP standard as a baseline for our security testing methodology in order to identify vulnerabilities unique to each application.

MITRE

MITRE ATT&CK FRAMEWORK

The MITRE ATT&CK Framework is a publicly available knowledge base of attacks and exploits used by real-world hacking groups. Our cybersecurity assessments are based on this framework in order to measure your cybersecurity risks against known adversary tactics, helping you develop more targeted countermeasures. The MITRE ATT&CK matrix is divided into 12 large categories:
  • 1. Initial Access (19 Techniques)
  • 2. Execution (16 Techniques)
  • 3. Persistence (30 Techniques)
  • 4. Privilege Escalation (59 Techniques)
  • 5. Defense Evasion (59 Techniques)
  • 6. Credential Access (26 Techniques)
  • 7. Discovery (34 Techniques)
  • 8. Lateral Movement (13 Techniques)
  • 9. Collection (35 Techniques)
  • 10. Command and Control (26 Techniques)
  • 11. Exfiltration (12 Techniques)
  • 12. Defense Evasion (24 Techniques)

OSSTMM

Open Source Security Testing Methodology

The OSSTMM framework provides a structured methodology to identify vulnerabilities in corporate networks from various potential angles of attack. We leverage the OSSTMM methodology in order to offer an accurate overview of your network’s cybersecurity, as well as reliable solutions adapted to your technological context.

NIST

NIST SP 800-115

NIST SP 800-115, designed by the National Institute of Standards and Technology, provides guidance on how to plan and conduct security testing, analyze findings and ultimately propose adapted solutions to secure IT systems and applications from various cybersecurity threats. This methodology is broken down into 7 key phases:

  • 1. Security Testing and Examination Overview
  • 2. Review Techniques
  • 3. Target Identification and Analysis Techniques
  • 4. Target Vulnerability Validation Techniques
  • 5. Security Assessment Planning
  • 6. Security Assessment Execution
  • 7. Post-Testing Activities

PTES

Penetration Testing Execution Standard

The PTES methodology helps our specialists structure their penetration testing engagements by providing a clear and concise framework that can be used to plan, execute, and report on the results of their tests. Additionally, the PTES methodology can help ensure that all aspects of a penetration test are covered, from initial reconnaissance to post-exploitation activities:
  • 1. Pre-Engagement
  • 2. Intelligence Gathering
  • 3. Threat Modeling
  • 4. Vulnerability Analysis
  • 5. Exploitation
  • 6. Post-Exploitation
  • 7. Reporting

ISSAF

The Information Systems Security Assessment Framework

Based on internationally recognized standards, such as ISO/IEC 27001:2013, the ISSAF methodology provides a systematic way to conduct information security assessments. It is used by our experts to help effectively and efficiently plan, execute, and document their findings.

Cybersecurity Standards

Our services leverage the latest standards to better measure your risks and offer practical solutions to your cybersecurity challenges.

CAPEC

Common Attack Pattern Enumeration and Classification
