Penetration Testing mailing list archives
RE: OPST vs. CEH
From: "Pete Herzog" <pete () isecom org>
Date: Sat, 7 Feb 2004 14:07:39 +0100
William, I'm glad to hear you are interested in taking the OPST. However, after you take the exam, you will see they are not similar at all.
CEH 3.0 just recently got announced (for example at January 18, 2004 at http://www.eccouncil.org/312-50.htm) so I am fairly unfamiliar with this new one; however, I do know the OPST and OPSA well. To be OPST or OPSA certified applies mainly to OSSTMM testing and using ISECOM Audit Reports but is relevant for any type of security testing. Additionally, if you want to use the OSSTMM to perform certified OSSTMM tests because your insurance company, business partners, corporate governance laws, privacy laws, etc. require it, then you should consider taking the tests because no other certification can accredit you for this.

The OPST and OPSA were developed to be skills tests. This means you can take whatever books you want into the test. The OPST actually requires you test against test servers which are located at La Salle University, Barcelona. No tricks to the tests: you can either do it or you can't. Since these tests are about being able to do problem solving and analysis more than, say, running tools, it is not about what you know but if you can apply what you know. You run any tools you want, use scripting or programming skills to verify and simplify, and most of all, know if a server response is real or an error in your network or test setup. For this reason they are taught in the Masters program at La Salle (www.salleurl.edu) and many other universities and trade schools will offer them through 2004. Any school that wants to offer it can for free under the Academic Alliance program.

Most of all, if you want to be a great ethical hacker or pen tester then get experience. I recommend you read, attend presentations, forums, classes, find a mentor, and volunteer in projects involving whitepapers, tool making, and sec research. You can also provide tests for free to non-profits, schools, colleges, churches, etc. who all would be likely to work with you to improve their security and give you experience.

Sincerely,
-pete.

Pete Herzog, Managing Director
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
-----Original Message-----
From: Craig, William (Atlanta, GA) [mailto:craigw01 () unisourcelink com]
Sent: Friday, February 06, 2004 17:35 PM
To: 'kenzo'; pen-test () securityfocus com
Cc: 'John Lampe'
Subject: RE: OPST vs. CEH

Yes, the CEH or Certified Ethical Hacker is similar to the OSSTMM cert. It does not cover the business side of pen testing and the OSSTMM does not teach you enough to become a good pen tester either. However the CEH version 3 is far more superior in measuring the true skills of a Pen tester.

You are required to know and understand some form of computer language such as Cxxx / Perl / visual basic etc. You are required to understand how buffer overflow works and be able to reverse engineer code to find the line where the overflow took place. You are required to be able to look at some code and be able to identify what exploit it is etc. You are required to know and understand all forms of viruses and worms along with the standard components of pen testing. You are required to understand hashing of passwords and be able to use a calculator to break down passwords. You are required to have performed and understand the following techniques: session hijacking, spoofing, dll injections etc.

The old version of CEH 2.3 was pretty easy. However the version 3.0 is not for the fly-by test taker. I have chosen to take both exams. You will need knowledge from both to become well rounded.

My 2 cents come from experience only. I'm not part of any of the two groups.

Good luck with your choice.

-----Original Message-----
From: kenzo [mailto:kenzo_chin () hotmail com]
Sent: Thursday, February 05, 2004 12:54 AM
To: pen-test () securityfocus com
Subject: OPST vs CEH

I'm thinking about taking one of these certs: OPST (OSSTMM PROFESSIONAL SECURITY TESTER) or CEH (certified ethical hacker). I've read about the two, and they seem to be kind of the same thing. I know that some people in here were talking about the opst, but what about the ceh?

Has anyone taken the CEH or both? Please let me know. Thanks.
Current thread:
- RE: OPST vs. CEH Craig, William (Atlanta, GA) (Feb 06)
- Re: OPST vs. CEH Kenzo (Feb 07)
- RE: OPST vs. CEH Pete Herzog (Feb 07)