Open Source Security Testing Methodology Manual
The OSSTMM, published by ISECOM, is a methodology for security testing that emphasizes measurable, repeatable results across channels like networks, physical security, and human interaction. It aims to make security testing scientific rather than ad hoc, producing metrics an organization can track over time. Testers use it to structure engagements and justify their conclusions with evidence.