Re: Pen test courses

From: JC (security-focus@resnulius.net)
Date: Wed May 28 2003 - 01:54:18 EDT


Hi Michael,

I can't really give you a good comparison between the Isecom OPST and OPSA
trainings without having much details about the SANS training courses...

What I can tell you is that the OPST and OPSA courses are based on th;Cox, Michael" <mscox@ti.com>
To: "JC" <-none-@resnulius.net>; <pen-test@securityfocus.com>
Sent: Tuesday, May 27, 2003 3:43 PM
Subject: RE: Pen test courses

> Can anyone comment on the OPST training vs. the SANS "Hacker Techniques,
> Exploits and Incident Handling" track or the SANS "Auditing Networks,
> Perimeters and Systems" track?
>
> Thanks!
> Michael
>
> > -----Original Message-----
> > From: JC [mailto:-none-@resnulius.net]
> > Sent: Monday, May 26, 2003 2:48 PM
> > To: Petr Ruzicka; pen-test@securityfocus.com
> > Subject: Re: Pen test courses
> >
> >
> > Petr,
> >
> > There are 2 very interesting courses from Isecom.org
> > (http://www.isecom.org):
> > These classes focus on the right methodology, ethics, law,
> > understanding of
> > the tests, lifecycles of security tests, organisational
> > aspects, etc... In
> > other words, more than just using the tools, but
> > understanding how to use
> > them in the best way possible. These courses are based on the
> > Open Source
> > Security Testing Methodology Manual (OSSTMM) that is an open source
> > methodology to perform professional and complete security tests.
> >
> > - OSSTMM Professional Security Analyst (OPSA):
> > " The premise of the training course is to provide a variety
> > of hard and
> > soft skills to the security professional. The training course
> > focuses on the
> > analytical skills and security knowledge necessary for
> > security and risk
> > analysis and the business skills required for successful
> > security team and
> > project management. This course is not about just passing the
> > exam. This
> > course is about bringing the combined, international knowledge and
> > experiences of security team leaders and security consultants
> > to bring depth
> > and insight to the training. "
> >
> > - OSSTMM Professional Security Tester (OPST):
> > " The premise of the training course is to support the
> > necessary knowledge
> > transfer for a person to be considered a capable, resourceful, and
> > self-sufficient security tester. The training course focuses on the
> > technical skills necessary for security testing and the
> > business skills
> > necessary for providing justification, efficiency, and understanding
> > contemporary business and security needs. "
> >
> > Cheers,
> > Martin
> >
> >
> > ----- Original Message -----
> > From: "Petr Ruzicka" <pruzicka@openbsd.cz>
> > To: <pen-test@securityfocus.com>
> > Sent: Monday, May 26, 2003 11:37 AM
> > Subject: Pen test courses
> >
> >
> > > Hi,
> > > could you recommend me some valuable PenTest training ?
> > > I know already how to use nmap, ping/traceroute, nessus,
> > hping, nemesis,
> > tcpdump/ethereal, ettercap, I know how to do passive
> > fingerprint of OS, use
> > various honeypots etc. etc.
> > > However, there is always something new to learn, I'm sure.
> > I did some
> > research of available training courses on the Internet and
> > I'm not sure
> > which could be valuable to me, as I do not need to spend time learning
> > 'nmap -vv -sS -P0 x.x.x.x'.
> > > Besides programming skills and researching new
> > vurneabilities (and keep
> > running on learing track), is there any good training out there ?
> > > Thanks a lot
> > >
> > > Petr Ruzicka
> >
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT