Re: Pen test courses

Hi Michael,

I can't really give you a good comparison between the Isecom OPST and OPSA trainings without having much details about the SANS training courses...

What I can tell you is that the OPST and OPSA courses are based on the OSSTMM (Open Source Security Testing Methodology Manual). Isecom developped the OSSTMM, this methodology has evolved with the feedback from many security professionals, it is a living document that is in constant progress. Isecom has other open-source projects that all seem very interesting!
You can download the OSSTMM from www.isecom.org. If you have ideas, you can feed them back to Isecom and your enhancements might make it in the official document! That is what I like about the OSSTMM, its quality enhancements can be made by all of us!

There is no such reference on the SANS website I could find, maybe somebody that followed that training can give some more feedback on the source of the methodology used there.

For the technical side, the Isecom classes focus on getting the job done with open source tools first of all, avoiding automatic tools to make sure that you understand what exactly the various tests are meant to achieve and how to validate them as being successful. This is meant to enhances your insight on the subject.

I don't know for sure what the SANS courses concentrate on product-wise, here again, people who followed that training will be able to give you more details!

Cheers,
Martin

• Original Message ----- From: "Cox, Michael" <mscox@ti.com> To: "JC" <-none-@resnulius.net>; <pen-test@securityfocus.com> Sent: Tuesday, May 27, 2003 3:43 PM Subject: RE: Pen test courses

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> Can anyone comment on the OPST training vs. the SANS "Hacker Techniques,
> Exploits and Incident Handling" track or the SANS "Auditing Networks,
> Perimeters and Systems" track?
>
> Thanks!
> Michael
>
> > -----Original Message-----
> > From: JC [mailto:-none-@resnulius.net]
> > Sent: Monday, May 26, 2003 2:48 PM
> > To: Petr Ruzicka; pen-test@securityfocus.com
> > Subject: Re: Pen test courses
> >
> >
> > Petr,