i just want to ask you for little aid and some of your time.
The point is, that during my PhD. study i am, among other things, working on a bridge from results from pentests to risk management according to ISO 27001 standard. For this, i would like to use (well, i need to use) little statistics about methodology that you are using for penetration testing. So my request is, if u can post a methodology used by you.
For instance i am using OSSTMM since first version (from year 2001) till today (so currently i am working over OSSTMMv3).
Thanks for your time and responses.