Standards for penetration testing

[Thomas Kerbl <thomas.kerbl () fh-hagenberg at>]

Hello list,

I'm currently doing some research for my thesis on penetration testing 
methods. Therefor I'm looking for widely used standards in this area.

Here a collection of what I've already found:

* OSSTMM - Open Source Security Testing Methodology Manual
* Durchfuehrungskonzept fuer Penetrationstests (BSI - Germany)
* NIST Guideline on Network Security Testing (special publ. 800-42)

I tried (additional to google search) to find further standards in RFC 
repositories, the IEEE publication database, CERT, the ITIL website and 
of course the securityfocus archive.  I couldn't find much usefull 
information on the penetration-test topic. Of course there are many 
great security ressources, but not exactly the information I was looking 
for.

Can anyone point me to other standards for penetration testing? If there 
are any other "must-read" papers (like ISO17799 for example) out there, 
they are also welcome. I can make use of english and german documents.

tia,
Thomas Kerbl

--
~ FH-Hagenberg: Computer & Media Security
~ http://cms.fh-hagenberg.at
~ my GPG key ID: 0x924042D1

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------