Open Source Security Testing Methodology Manual 

The OSSTMM isn't the easiest or most fun document to read but it's full of advanced security information that's practical and relevant. It's also the best-known operational security manual on the planet with about half a million downloads each month for one particular reason: those who figure it out have a distinct security advantage, as its instructions are about a decade ahead of the current buzz in the security industry.
The goal of the OSSTMM is to put forth a standard for internet security testing. It is intended to form a complete baseline for testing that, when followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be convinced of the level of technical assessment independent of other organization concerns, such as the corporate profile of the penetration testing provider.