Questions

1. Is there a database that maintains the Common Weakness Enumeration (CWE) list?

2. Where can I find the OWASP Top 10 and SANS Top 25 lists?

3. Are the tools required to perform a penetration test free?

4. How do the OSSTMM- and PTES-based penetration tests differ?