Penetration Testing mailing list archives

Re: Pen testing and employment


From: Pete Herzog <lists () isecom org>
Date: Tue, 28 Mar 2006 11:07:58 +0200

Hi,

Disclaimer: I work for ISECOM

You may want to look at www.opst.org and www.opsa.org. You can find information about the only two, current, skills and applied knowledge certifications for security testing and analysis. There is certainly no end to the requests we get for OPST and OPSA certified people and in most places they get hired faster than we can certify them, especially where government and industry regulations require that certification for employment or advancement. For example, in the U.K., the certifications are growing just as a vetting tool (employers requiring proof of ability).

I have to warn you though, neither is easy. Both require you to do live testing and analysis work against real systems in a proper, controlled format (think scalpel not broadsword) under time pressure to prove that you know what you're doing. Many people know how to point and shoot tools but have no idea what's really happening from the shooting to the tool's interpretation. Furthermore, many people lack the critical thinking skills in security to discern fact from fiction. OPSA and OPST are ways to learn that. You can look at the website for courses or just study on your own. You can also bring all your notes as they're both open book exams. The important point is that you can do it correctly in the time allowed.

There's a lot of flashy certifications out there for ethical hackers and penetration and security testers and these aren't them. But these are the only ones from an independent non-profit and that actually focus certification on your ability, applied knowledge, and ethics in such a package. It's probably why they've grown so fast in the last 3 years.

Sincerely,
-pete.

leehaynes () carleeprotection com wrote:
Hi,

Can anyone help? I have been involved in system testing for about the last 18 months, and would now like to work as a pen tester. I am applying for junior pentest roles and they ask me if I have any pen test experience. I tell them what I have done and then they ask me for my CV.
After receiving my CV they tell me that I have no pentesting experience. I suppose what I would like to know is:

Are pen testing and system testing one and the same or are they different? Because after a quick search on the net they appear to me to be the same.
Can anyone answer my question?

Thanks

Lee
------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------






