Home page logo

pen-test logo Penetration Testing mailing list archives

From: "Matthew Stein" <mattstein () webmail co za>
Date: Fri, 06 Feb 2004 03:19:30 +0200

With all due respect, any security testing professional who
would refer to themselves as a Certified Ethical Hacker
does not understand the OSSTMM or any of the other
principals ISECOM (the group that made the osstmm) stands

The OPST covers start to finish how to market a test, what
to include in the contracts process, how to not loose your
shirt on the pricing (proper estimates of a job), how to
conduct the tests (the meat of the testing work), creative
ideas of individual business opportunities (singular
testing opportunities), what to include in the
documentation, who to include in meetings, etc.

From my research, the OPST was designed to give you the
baseline of a security testing professional.  The CEH
literature claims it will make you into an "ethical
hacker", which basically means that you know how to find
and play with tools.  They throw in some ethics for good
measure and give lip service to the OSSTMM document.

Either way, I'd recommend reading the OSSTMM and joining in
the ISECOM mailing lists.  Talk to the people who use the
OSSTMM and ask them which class will better help you meet
your personal goals as you work in the InfoSec community.


-----Original Message-----
From: kenzo [mailto:kenzo_chin () hotmail com] 
Sent: Wednesday, February 04, 2004 9:54 PM
To: pen-test () securityfocus com
Subject: OPST vs CEH

I'm thinking about taking one of these certs. OPST (OSSTMM
 or CEH (certified ethical hacker)
I've read about the two, and they seem to be kind of the
same thing.
I know that some people in here were talking about the
opst, but what about
the ceh?
Has anyone taking the CEH or both?
Please let me know.


http://www.webmail.co.za/dialup Webmail ISP - Cool Connection, Cool Price


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]