"How To" OSSTMM 2.5 - Penetration Testing Methodology

From: Pete Herzog (lists@isecom.org)
Date: 01/24/03

    From: "Pete Herzog" <lists@isecom.org>
    To: "Pen Test" <pen-test@securityfocus.com>
    Date: Fri, 24 Jan 2003 21:10:41 +0100
    
    

    Hi,

    I want to notify all you testers out there that ISECOM (aka Ideahamster) has
    put together a hands-on certification and training the open, peer-reviewed
    way. We are having two classes in Barcelona and we are looking for partners
    around the world to teach the classes. We will only be managing the tests
    and the Internet hack network they will test against. The point is to bring
    the HOW and WHY of the OSSTMM (Open Source Security Testing Methodology
    Manual) to everyone in a cheap, easy way.

    I know you think Another Certification?! This is only because it will allow
    a tester to prove he knows the OSSTMM, knows the tools, knows where to
    find/compile/research new hacks and exploits, can estimate, plan, and
    complete a professional security test, and knows the legal and ethical
    background to sec testing. It's a pretty complete deal. See below for the
    details:

    ----------------

    OPST Training - OSSTMM Professional Security Tester Certification
    La Salle University, Barcelona, Spain

    ISECOM went far beyond the "brain candy" hacking classes with just old tools
    and exploits out there to include the professional skills like security
    project planning, security consultancy, and attack network design together
    with the Open Source Security Testing Methodology (OSSTMM) standard to
    certify a person as a capable and resourceful security professional and
    ethical hacker. Hacking is a creative art but businesses and governments
    also require trusted professionals who can complete methodical Internet and
    Information Security tests as in the OSSTMM. The OSSTMM is the only
    international, practical, low-level standard for security testing and is
    used by countless businesses, governments, financial institutions, and
    telecommunications companies for thorough penetration testing and ethical
    hacking.

    More information on the OSSTMM at http://www.osstmm.org/.

    Classes include 70% hands-on lab learning with an experienced instructor.
    The focus is on HOW and WHY of the Internet and Information Security
    sections of OSSTMM 2.5 although all 6 sections are explained. The exam will
    be a lab exercise which requires testing against an Internet network. The
    exam is 4 hours and covers OSSTMM 2.5 and the BSTA Workbook (both will be
    released in February). The course and the exam have been approved by
    LaSalle URL of Barcelona. The certification exam will also be available
    separately.

    More information on the OPST at http://www.isecom.org/projects/opst.htm.

    Travel costs are not included. We have hotel recommendations of nearby
    hotels on the website. This and the schedule are available from
    http://www.isecom.org/schedule.htm so please see this page for hotel and
    further registration information.

    February
            Thu.13th - Sat.15th
            Thu.20th - Sat.22nd
            9:00 to 18:00

            Duration: 6 days (44 hours + 4 hours for the exam)
            Trainer: Pete Herzog (creator of the OSSTMM)
            Information: training@isecom.org

    March
            Mo.17th - Fr.21st
            9:00 AM to 1:00 PM and
            2:00 PM to 6:00 PM

            Duration: 5 days (36 hours + 4 hours for the exam)
            Trainer: Pete Herzog (creator of the OSSTMM)
            Information: training@isecom.org

    Sincerely,
    Pete Herzog
    Managing Director
    www.isecom.org
    www.osstmm.org
