When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual
(OSSTMM) the main difference is
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual
(OSSTMM) the main difference is
The main difference when comparing the testing methodologies of OWASP (Open Web Application Security Project) and OSSTMM (Open Source Security Testing Methodology Manual) is that OWASP addresses controls while OSSTMM does not. OWASP provides a framework specifically designed for web applications and includes a set of controls to help identify and manage vulnerabilities. On the other hand, OSSTMM is a more generalized security testing methodology that doesn't place an emphasis on specific controls but rather on the holistic assessment of security across various domains.
what about A since OSSTMM is for network security? EC-Council states that "The updated guide of OWASP provides over 66 controls to identify and assess vulnerabilities with numerous functionalities found in the latest applications today." (reference: https://blog.eccouncil.org/5-penetration-testing-methodologies-and-standards-for-better-roi/) so OWASP does include controls!
Agreed, I believe A is the right answer.