
OWASP

The "Open Web Application Security Project" framework is a community-driven and frequently updated framework used solely to test the security of web applications and services.


The foundation regularly writes reports stating the top ten security vulnerabilities a web application may have, the testing approach, and remediation.


| Advantages | Disadvantages |
| --- | --- |
| Easy to pick up and understand. | It may not be clear what type of vulnerability a web application has (they can often overlap). |
| Actively maintained and frequently updated. | OWASP does not make suggestions for any specific software development life cycle. |
| It covers all stages of an engagement: from testing to reporting and remediation. | The framework doesn't hold any accreditation such as CHECK. |
| Specialises in web applications and services. | Intentionally left blank. |