Petr, How familiar are you with ISECOM's Open Source Security Testing Methodology Manual (OSSTMM)? The OSSTMM is the most widely used, peer-reviewed, "Open Source" security testing methodology in existence. If you are new to it, you can find more information on it and download it here: http://www.osstmm.org =-=-=-=-=-=-= The OSSTMM Professional Security Tester (OPST) course picks up where the OSSTMM leaves off. While the OSSTMM does an excellent job answering the question of "What" to test, the OPST course provides answers to "How" and "Why". This course is intended for the "in the trenches", "go run the tests and gather the information" security professionals. The OPST is very technical and hands on, but it is not a "hacking" class or a "tools" class. Specific tools are covered but the focus is on why and when to use them, and what the expected output is supposed to be. To successfully pass the certification exam you are required to understand the tests at a packet analyzer level. The course also covers the business aspects of marketing to and selling a customer your services, with an emphasis on the ethics surrounding our unique field. The course is meant to build upon your existing testing skills and measure your ability to conduct a security test based on the OSSTMM. More information on the OPST can be found here: http://www.isecom.org/projects/opst.htm =-=-=-=-=-=-= The OSSTMM Professional Security Analyzer (OPSA) course has a focus on what to do with the information once it is collected. Specifically, Security Analysis, Red/Blue Team Strategies, and Security Testing Project Management topics are covered. The target audience for this class includes security testing team leads, security analysts, security managers, CTO's, CIO's, CSO's, CISO's and any other individual that will actively participate in analyzing of data received from a security test. More information on the OPSA can be found here: http://www.isecom.org/projects/opsa.htm =-=-=-=-=-=-= ISECOM has built a world-wide partner network for offering the OPST/OPSA courses. You can look up and contact the appropriate partner here: http://www.isecom.org/partners.htm Robert Robert E. Lee CTO 3400 Irvine Ave, Building 118 Newport Beach, Ca 92660 T (949) 486-6600 F (949) 486-6001 robertat_private > -----Original Message----- > From: Petr Ruzicka [mailto:pruzickaat_private] > Sent: Monday, May 26, 2003 2:38 AM > To: pen-testat_private > Subject: Pen test courses > > Hi, > could you recommend me some valuable PenTest training ? > I know already how to use nmap, ping/traceroute, nessus, hping, nemesis, > tcpdump/ethereal, ettercap, I know how to do passive fingerprint of OS, > use various honeypots etc. etc. > However, there is always something new to learn, I'm sure. I did some > research of available training courses on the Internet and I'm not sure > which could be valuable to me, as I do not need to spend time learning > 'nmap -vv -sS -P0 x.x.x.x'. > Besides programming skills and researching new vurneabilities (and keep > running on learing track), is there any good training out there ? > Thanks a lot > > Petr Ruzicka > > ------------------------------------------------------------------------ -- > - > *** Wireless LAN Policies for Security & Management - NEW White Paper *** > Just like wired networks, wireless LANs require network security policies > that are enforced to protect WLANs from known vulnerabilities and threats. > Learn to design, implement and enforce WLAN security policies to lockdown > enterprise WLANs. > > To get your FREE white paper visit us at: > http://www.securityfocus.com/AirDefense-pen-test > ------------------------------------------------------------------------ -- > -- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 13:09:46 PDT