RE: Pen test courses

From: Robert E. Lee (robert_at_dyadsecurity.com)
Date: 05/27/03

    Date: Tue, 27 May 2003 12:33:03 -0700
    To: "pen-test@securityfocus.com" <pen-test@securityfocus.com>
    
    

    Petr,

    How familiar are you with ISECOM's Open Source Security Testing
    Methodology Manual (OSSTMM)? The OSSTMM is the most widely used,
    peer-reviewed, "Open Source" security testing methodology in existence.
    If you are new to it, you can find more information on it and download
    it here: http://www.osstmm.org

    =-=-=-=-=-=-=

    The OSSTMM Professional Security Tester (OPST) course picks up where the
    OSSTMM leaves off. While the OSSTMM does an excellent job answering the
    question of "What" to test, the OPST course provides answers to "How"
    and "Why". This course is intended for the "in the trenches", "go run
    the tests and gather the information" security professionals.

    The OPST is very technical and hands-on, but it is not a "hacking" class
    or a "tools" class. Specific tools are covered but the focus is on why
    and when to use them, and what the expected output is supposed to be.
    To successfully pass the certification exam you are required to
    understand the tests at a packet analyzer level. The course also covers
    the business aspects of marketing to and selling a customer your
    services, with an emphasis on the ethics surrounding our unique field.

    The course is meant to build upon your existing testing skills and
    measure your ability to conduct a security test based on the OSSTMM.
    More information on the OPST can be found here:
    http://www.isecom.org/projects/opst.htm

    =-=-=-=-=-=-=

    The OSSTMM Professional Security Analyzer (OPSA) course has a focus on
    what to do with the information once it is collected. Specifically,
    Security Analysis, Red/Blue Team Strategies, and Security Testing
    Project Management topics are covered. The target audience for this
    class includes security testing team leads, security analysts, security
    managers, CTOs, CIOs, CSOs, CISOs and any other individual who will
    actively participate in analyzing data received from a security test.

    More information on the OPSA can be found here:
    http://www.isecom.org/projects/opsa.htm

    =-=-=-=-=-=-=

    ISECOM has built a world-wide partner network for offering the OPST/OPSA
    courses. You can look up and contact the appropriate partner here:
    http://www.isecom.org/partners.htm

    Robert

    Robert E. Lee
    CTO
     
    3400 Irvine Ave, Building 118
    Newport Beach, Ca 92660
    T (949) 486-6600
    F (949) 486-6001
    robert@dyadsecurity.com

    > -----Original Message-----
    > From: Petr Ruzicka [mailto:pruzicka@openbsd.cz]
    > Sent: Monday, May 26, 2003 2:38 AM
    > To: pen-test@securityfocus.com
    > Subject: Pen test courses
    >
    > Hi,
    > could you recommend me some valuable PenTest training?
    > I know already how to use nmap, ping/traceroute, nessus, hping, nemesis,
    > tcpdump/ethereal, ettercap, I know how to do passive fingerprint of OS,
    > use various honeypots etc. etc.
    > However, there is always something new to learn, I'm sure. I did some
    > research of available training courses on the Internet and I'm not sure
    > which could be valuable to me, as I do not need to spend time learning
    > 'nmap -vv -sS -P0 x.x.x.x'.
    > Besides programming skills and researching new vulnerabilities (and keep
    > running on learning track), is there any good training out there?
    > Thanks a lot
    >
    > Petr Ruzicka
    
