From: Robert E. Lee (robert@dyadsecurity.com)
Date: Tue May 27 2003 - 15:33:03 EDT
Petr,
How familiar are you with ISECOM's Open Source Security Testing
Methodology Manual (OSSTMM)? The OSSTMM is the most widely used,
peer-reviewed, "Open Source" security testing methodology in existence.
If you are new to it, you can find more information on it and download
it here: http://www.osstmm.org
=-=-=-=-=-=-=
The OSSTMM Professional Security Tester (OPST) course picks up where the
OSSTMM leaves off. While the OSSTMM does an excellent job answering the
question of "What" to test, the OPST course provides answers to "How"
and "Why". This course is intended for the "in the trenches", "go run
the tests and gather the information" security professionals.
The OPST is very technical and hands on, but it is not a "hacking" class
or a "tools" class. Specific tools are covered but the focus is on why
and when to use them, and what the expected output is supposed to be.
To successfully pass the certification exam you are required to
understand the tests at a packet analyzer level. The course also covers
the business aspects of marketing to and selling a customer your
services, with an emphasis on the ethics surrounding our unique field.
The course is meant to build upon your existing testing skills and
measure your ability to conduct a security test based on the OSSTMM.
More information on the OPST can be found here:
http://www.isecom.org/projects/opst.htm
=-=-=-=-=-=-=
The OSSTMM Professional Security Analyzer (OPSA) course has a focus on
what to do with the information once it is collected. Specifically,
Security Analysis, Red/Blue Team Strategies, and Security Testing
Project Management topics are covered. The target audience for this
class includes security testing team leads, security analysts, security
managers, CTO's, CIO's, CSO's, CISO's and any other individual that will
actively participate in analyzing of data received from a security test.
More information on the OPSA can be found here:
http://www.isecom.org/projects/opsa.htm
=-=-=-=-=-=-=
ISECOM has built a world-wide partner network for offering the OPST/OPSA
courses. You can look up and contact the appropriate partner here:
http://www.isecom.org/partners.htm
Robert
Robert E. Lee
CTO
3400 Irvine Ave, Building 118
Newport Beach, Ca 92660
T (949) 486-6600
F (949) 486-6001
robert@dyadsecurity.com
> -----Original Message-----
> From: Petr Ruzicka [mailto:pruzicka@openbsd.cz]
> Sent: Monday, May 26, 2003 2:38 AM
> To: pen-test@securityfocus.com
> Subject: Pen test courses
>
> Hi,
> could you recommend me some valuable PenTest training ?
> I know already how to use nmap, ping/traceroute, nessus, hping,
nemesis,
> tcpdump/ethereal, ettercap, I know how to do passive fingerprint of
OS,
> use various honeypots etc. etc.
> However, there is always something new to learn, I'm sure. I did some
> research of available training courses on the Internet and I'm not
sure
> which could be valuable to me, as I do not need to spend time learning
> 'nmap -vv -sS -P0 x.x.x.x'.
> Besides programming skills and researching new vurneabilities (and
keep
> running on learing track), is there any good training out there ?
> Thanks a lot
>
> Petr Ruzicka
>
>
------------------------------------------------------------------------
-- > - > *** Wireless LAN Policies for Security & Management - NEW White Paper *** > Just like wired networks, wireless LANs require network security policies > that are enforced to protect WLANs from known vulnerabilities and threats. > Learn to design, implement and enforce WLAN security policies to lockdown > enterprise WLANs. > > To get your FREE white paper visit us at: > http://www.securityfocus.com/AirDefense-pen-test > ------------------------------------------------------------------------ -- > -- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT