Penetration Testing mailing list archives
RE: Pen test courses
From: "Robert E. Lee" <robert () dyadsecurity com>
Date: Tue, 27 May 2003 12:33:03 -0700
Petr, How familiar are you with ISECOM's Open Source Security Testing Methodology Manual (OSSTMM)? The OSSTMM is the most widely used, peer-reviewed, "Open Source" security testing methodology in existence. If you are new to it, you can find more information on it and download it here: http://www.osstmm.org =-=-=-=-=-=-= The OSSTMM Professional Security Tester (OPST) course picks up where the OSSTMM leaves off. While the OSSTMM does an excellent job answering the question of "What" to test, the OPST course provides answers to "How" and "Why". This course is intended for the "in the trenches", "go run the tests and gather the information" security professionals. The OPST is very technical and hands on, but it is not a "hacking" class or a "tools" class. Specific tools are covered but the focus is on why and when to use them, and what the expected output is supposed to be. To successfully pass the certification exam you are required to understand the tests at a packet analyzer level. The course also covers the business aspects of marketing to and selling a customer your services, with an emphasis on the ethics surrounding our unique field. The course is meant to build upon your existing testing skills and measure your ability to conduct a security test based on the OSSTMM. More information on the OPST can be found here: http://www.isecom.org/projects/opst.htm =-=-=-=-=-=-= The OSSTMM Professional Security Analyzer (OPSA) course has a focus on what to do with the information once it is collected. Specifically, Security Analysis, Red/Blue Team Strategies, and Security Testing Project Management topics are covered. The target audience for this class includes security testing team leads, security analysts, security managers, CTO's, CIO's, CSO's, CISO's and any other individual that will actively participate in analyzing of data received from a security test. More information on the OPSA can be found here: http://www.isecom.org/projects/opsa.htm =-=-=-=-=-=-= ISECOM has built a world-wide partner network for offering the OPST/OPSA courses. You can look up and contact the appropriate partner here: http://www.isecom.org/partners.htm Robert Robert E. Lee CTO 3400 Irvine Ave, Building 118 Newport Beach, Ca 92660 T (949) 486-6600 F (949) 486-6001 robert () dyadsecurity com
-----Original Message----- From: Petr Ruzicka [mailto:pruzicka () openbsd cz] Sent: Monday, May 26, 2003 2:38 AM To: pen-test () securityfocus com Subject: Pen test courses Hi, could you recommend me some valuable PenTest training ? I know already how to use nmap, ping/traceroute, nessus, hping,
nemesis,
tcpdump/ethereal, ettercap, I know how to do passive fingerprint of
OS,
use various honeypots etc. etc. However, there is always something new to learn, I'm sure. I did some research of available training courses on the Internet and I'm not
sure
which could be valuable to me, as I do not need to spend time learning 'nmap -vv -sS -P0 x.x.x.x'. Besides programming skills and researching new vurneabilities (and
keep
running on learing track), is there any good training out there ? Thanks a lot Petr Ruzicka
------------------------------------------------------------------------ --
- *** Wireless LAN Policies for Security & Management - NEW White Paper
***
Just like wired networks, wireless LANs require network security
policies
that are enforced to protect WLANs from known vulnerabilities and
threats.
Learn to design, implement and enforce WLAN security policies to
lockdown
enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-pen-test
------------------------------------------------------------------------ --
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Pen test courses Petr Ruzicka (May 26)
- Re: Pen test courses Andy Cuff [talisker] (May 26)
- Re: Pen test courses JC (May 26)
- Re: Pen test courses Amal Al Hajeri (May 27)
- <Possible follow-ups>
- Re: Pen test courses oherrera (May 26)
- RE: Pen test courses Robert E. Lee (May 27)
- Re: Pen test courses JC (May 28)
- RE: Pen test courses Roger Bou-Aoun (May 29)
- Re: Pen test courses Peter Baxter (May 28)