OSSTMM in the USA

[Pete Herzog <lists () isecom org>]

Hi,

Wow!  There was a large response from people in the USA wanting to know 
more about the trust metrics and OSSTMM 3.0, specifically security metrics 
- the RAVs - I wrote about in the Making Sense of Trust article.

I want to make clear that although we have the way that Trust can be 
calculated, so far we have to make specific tasks for each unique test 
type.  There is no generic set of test tasks that can be applied. At least 
none that I have yet.  We do plan on having them for future OSSTMM versions 
though.

As for the OSSTMM 3.0 stuff, if you want more familiarity on how to apply 
it to pen testing, you can take the OPST or OPSA certification classes and 
exams.  In the US, there is a condensed (2-day) class next weekend in 
Indiana for those interested and one next month in Connecticut.

You can contact Chris Griffin if you're interested in the classes 
(Chris.Griffin-AT-isecom.org) or ISECOM directly through our CONTACT page.

Sincerely,
-pete.

--
Pete Herzog
OPST, OPSA, OWSE, OPSE

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------