Home page logo

pen-test logo Penetration Testing mailing list archives

From: "Pete Herzog" <pete () isecom org>
Date: Sat, 7 Feb 2004 14:07:39 +0100


I'm glad to hear you are interested in taking the OPST.
However, after you take the exam, you will see they are not
similar at all.

test taker. I have chosen to
take both exams. You will need knowledge from
both to become well rounded.

CEH 3.0 just recently got announced (for example at January
18, 2004 at http://www.eccouncil.org/312-50.htm) so I am
fairly unfamiliar with this new one however I do know the
OPST and OPSA well.

To be OPST or OPSA certified applies mainly to OSSTMM
testing and using ISECOM Audit Reports but is relevent for
any type of security testing.  Additionally, if you want to
use the OSSTMM to perform certified OSSTMM tests because
your insurance company, business partners, corporate
governance laws, privacy laws, etc. require it, then you
should consider taking the tests because no other
certification can accredit you for this.

The OPST and OPSA were developed to be skills tests.  This
means you can take whatever books you want into the test.
The OPST actually requires you test against test servers
which are located at La Salle University, Barcelona.  No
tricks to the tests- you can either do it or you can't.
Since these tests are about being able to do problem solving
and analysis more than say, running tools, it is not about
what you know but if you can apply what you know.  You run
any tools you want, use scripting or programming skills to
verify and simplify, and most of all, know if a server
response is real or an error in your network or test setup.
For this reason they are taught in the Masters program at La
Salle (www.salleurl.edu) and many other universities and
trade schools will offer them through 2004.  Any school who
wants to offer it can for free under the Academic Alliance

Most of all, if you want to be a great ethical hacker or pen
tester then get experience.  I recommend you read, attend
presentations, forums, classes, find a mentor, and volunteer
in projects involving whitepapers, tool making, and sec
research.  You can also provide tests for free to
non-profits, schools, colleges, churches, etc. who all would
be likely to work with you to improve their security and
give you experience.


Pete Herzog, Managing Director
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org

-----Original Message-----
From: Craig, William (Atlanta, GA)
[mailto:craigw01 () unisourcelink com]
Sent: Friday, February 06, 2004 17:35 PM
To: 'kenzo'; pen-test () securityfocus com
Cc: 'John Lampe'
Subject: RE: OPST vs. CEH

      Yes, the CEH or Certified Ethical Hacker is
similar to the OSSTMM
cert. It dos not cover the business side of pen
testing and the OSSTMM dos
not teach you enough to become a good pen tester
ether. However the CEH
version 3 is far more superior in measuring the
true skills of a Pen tester.
You are required to now and understand some form
of computer language such
as Cxxx / Perl / visual basic etc. You are
required to understand how buffer
overflow works and be able to reverse engineer
code to find the line where
the overflow took place. You are required to be
able to look at some code
and be able to identify what exploit it is etc.
You are required to know and
understand all forms of viruses and worms along
with the standard components
of pen testing. You are required to understand
hashing of password. And be
able to use a calculator to break down passwords.
You are required to have
performed and understand the following techniques
session hijacking,
spoofing, dll injections etc. The old version of
CEH 2.3 was pretty easy.
However the version 3.0 is not for the fly bye
test taker. I have chosen to
take both exams. You will need knowledge from
both to become well rounded.
My 2 cents come from experience only. I'm not
part of any of the two groups.
Good luck with your choice

-----Original Message-----
From: kenzo [mailto:kenzo_chin () hotmail com]
Sent: Thursday, February 05, 2004 12:54 AM
To: pen-test () securityfocus com
Subject: OPST vs CEH

I'm thinking about taking one of these certs.
 or CEH (certified ethical hacker)
I've read about the two, and they seem to be kind
of the same thing.
I know that some people in here were talking
about the opst, but what about
the ceh?
Has anyone taking the CEH or both?
Please let me know.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]