Friday, March 19, 2010

Free Pen Testing Methodologies

1. Open Source Security Testing Methodology Manual (OSSTMM)
 - Focus is on transparency and getting business value
 - Useful broad description of categories of testing

2. NIST Guideline on Network Security Testing
 - Covers process, roles, and some sample tools
 - High-level, but provides great incentive for management
 - NIST Special Publication 800-53A

3. OWASP Testing Guide
 - Focus is on Web Application Testing

4. Penetration Testing Framework
 - Focus is on network penetration tests
 - Very deep, with specific tools and commands
 - Includes Recon, Social Engineering, Scanning/Probing, Enumerations, etc.
