Oct 21, 2010
Certified Pentester in Compendium Education Center
Pentesting Methodology - Open Source Security Testing Methodology Manual
A pentester is a specialist who performs security tests of IT systems (penetration tests) and, in doing so, evaluates the current security level of an ICT system.
Pentesters check the system for known vulnerabilities and analyze its configuration and its resistance to various forms of attack. This specialization is growing in popularity among security experts.
The effectiveness of a penetration test depends largely on the knowledge and abilities of the pentester or their team. No less important are the test procedure itself, the plan of action, error elimination, analysis and the drawing of conclusions.
"What is needed is a set of good practices and principles describing activities to be performed before, during and after a security test, as well as procedures defining a result assessment method", says Bartosz Niepsuj, Chief Technology Officer in Compendium Education Center. "In a nutshell - we need penetration testing methodology", he emphasizes.
One of the best-known methodologies of this kind is the OSSTMM (Open Source Security Testing Methodology Manual), provided by ISECOM (Institute for Security and Open Methodologies, www.isecom.org).
The OSSTMM (www.isecom.org/osstmm/) is updated and verified on an ongoing basis, with new tests regularly added that comply with the most recent international practices, laws, regulations and ethical concerns. Accordingly, the third release of the document is currently being prepared.
The OSSTMM is divided into five channels (sections), which describe, among other things, tests relating to information and data collection, personnel security awareness levels, levels of control over possible fraud and social engineering, computer and telecommunications networks, wireless devices, physical security and security processes. A detailed table of contents is available at http://www.isecom.org/mirror/OSSTMM.3.Table_of_Contents.pdf.
Through its cooperation with @Mediaservice.net, an authorized training partner of ISECOM, Compendium Education Center has introduced two certified training courses to the Polish market: OPST (OSSTMM Professional Security Tester) and OPSA (OSSTMM Professional Security Analyst).
Both the OPST and OPSA courses provide essential knowledge and practical skills and are aimed at a wide range of clients: specialists conducting professional penetration tests, tester team leaders, security and risk analysis specialists, IT administrators and many others.
On the fifth day of each course, participants take a certified examination that leads to the title of OSSTMM Professional Security Tester or OSSTMM Professional Security Analyst, respectively. These certifications are approved and recognized worldwide and ensure that services rendered in connection with penetration tests comply with the highest professional standards.