There are numerous security testing methodologies being used today by security auditors for technical control assessment. Four of the most common are as follows: Open Source Security Testing Methodology. Information Security Assessment Framework. Open web application security . All of these frameworks provide a detailed process oriented manner in which to conduct a security test, and each has its particular strengths and weaknesses. Most auditors and penetration testers use these frameworks as starting point to create their own testing process and they find a lot of value in referencing them.