TAD GROUP strictly follows industry's best practices and specifications for the qualitative and safe conduct of assessment and security analysis.
In a security audit of information systems: NIST SP 800-115
In organizing a training session: NIST SP 800-50
In a web-based penetration test: NIST SP 800-115
Open Web Application Security Project (OWASP) is a worldwide non-profit organization that aims to improve the overall security of software. When performing security analysis and evaluation tests, TAD GROUP follows the methodology and is guided by OWASP's recommendations for reliable system security checks.
We follow the specifications outlined in OWASP’s latest publication of the Application Security Verification Standard (ASVS version 3.0.1) when conducting penetration tests. Tailoring the ASVS to our use cases increases the focus on the security requirements that are most important to our clients' projects and environments.
The Application Security Verification Standard (published July 2016) can be downloaded from our website.