RE: Pen test courses

Petr,

How familiar are you with ISECOM's Open Source Security Testing Methodology Manual (OSSTMM)? The OSSTMM is the most widely used, peer-reviewed, "Open Source" security testing methodology in existence. If you are new to it, you can find more information on it and download it here: http://www.osstmm.org

=-=-=-=-=-=-=

The OSSTMM Professional Security Tester (OPST) course picks up where the OSSTMM leaves off. While the OSSTMM does an excellent job answering the question of "What" to test, the OPST course provides answers to "How" and "Why". This course is intended for the "in the trenches", "go run the tests and gather the information" security professionals.

The OPST is very technical and hands on, but it is not a "hacking" class or a "tools" class. Specific tools are covered but the focus is on why and when to use them, and what the expected output is supposed to be. To successfully pass the certification exam you are required to understand the tests at a packet analyzer level. The course also covers the business aspects of marketing to and selling a customer your services, with an emphasis on the ethics surrounding our unique field.

The course is meant to build upon your existing testing skills and measure your ability to conduct a security test based on the OSSTMM. More information on the OPST can be found here: http://www.isecom.org/projects/opst.htm

=-=-=-=-=-=-=

The OSSTMM Professional Security Analyzer (OPSA) course has a focus on what to do with the information once it is collected. Specifically, Security Analysis, Red/Blue Team Strategies, and Security Testing Project Management topics are covered. The target audience for this class includes security testing team leads, security analysts, security managers, CTO's, CIO's, CSO's, CISO's and any other individual that will actively participate in analyzing of data received from a security test.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

More information on the OPSA can be found here: http://www.isecom.org/projects/opsa.htm

=-=-=-=-=-=-=

ISECOM has built a world-wide partner network for offering the OPST/OPSA courses. You can look up and contact the appropriate partner here: http://www.isecom.org/partners.htm

Robert

Robert E. Lee
CTO   3400 Irvine Ave, Building 118
Newport Beach, Ca 92660
T (949) 486-6600
F (949) 486-6001
robert@dyadsecurity.com

> -----Original Message-----
nemesis,
> tcpdump/ethereal, ettercap, I know how to do passive fingerprint of
OS,
> use various honeypots etc. etc.
sure
> which could be valuable to me, as I do not need to spend time learning
keep
> running on learing track), is there any good training out there ?

--

> -

> *** Wireless LAN Policies for Security & Management - NEW White Paper

***

> Just like wired networks, wireless LANs require network security

policies

> that are enforced to protect WLANs from known vulnerabilities and

threats.

> Learn to design, implement and enforce WLAN security policies to

lockdown

> enterprise WLANs.

> 

> To get your FREE white paper visit us at:

> http://www.securityfocus.com/AirDefense-pen-test

>

------------------------------------------------------------------------
--

> --






---------------------------------------------------------------------------
----------------------------------------------------------------------------