ISECOM OPST Training & Certification
A practical three day course designed to teach candidates the principals of the Open Source Security Testing Methodology Manual (OSSTMM) and Open source Professional Security Testing (OPST). The course will be followed on the fourth day by an independent examination provided by the Institute for Security and Open Methodologies (ISECOM), the organisation behind the OSSTMM. Successful students will be awarded the OPST certification within four weeks of attending the course.
The OPST is a certification of applied knowledge designed to improve the work done as a professional security tester. This is an important certification for those who would like to prove they can conduct extensive, accurate and safe security testing. The discipline covers network auditing, ethical hacking, web application testing and penetration testing. The OPST is a critical, eye-opening class for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and those wishing to increase their understanding of technical security.
Digital Assurance’s trainers are all professional security consultants who have been involved in the field of security testing for over 10 years and who have worked with public and private sector clients. When presenting the OPST we intend to provide realistic and helpful advice on how to conduct security testing properly and to avoid the common pitfalls that can occur – which can be both damaging to a career and reputation.
Learning Objectives
- Understanding the principles of information security testing using a formalised methodology
- Conducting professional security testing safely and legally
- Having the proper tools for the job
- Gaining an adequate background in technical security auditing
- Learning the sources of information
- Interpreting the output of common security tools
- Maximising accuracy
- Properly measuring and quantifying the risk
- Making sound judgements and recommendations
- Communicating your results
The OPST Exam
The OPST exam requires a total of 140 answers within 4 hours. The purpose of the exam is to show the extent of security testing accuracy while maintaining efficiency. While it is an open book exam, no communication of any type is allowed. Each question is in a multiple-choice format. The exam combines paper-based questions with real-time tests performed over the internet of a single vector (internet to DMZ). The choice of tools, materials, and techniques is made by the student at the time of the exam.
Course Audience
Students should have a sound knowledge of how networking protocols work, an understanding of how various security devices and programs work, a user level skill with a common Operating System, and basic experience with server operations/administration particularly in setting up and running daemons and services.
Course Structure
The OPST course consists of a mixture of lecture sessions and practical workshops which aim to explain and demonstrate the nature of how to conduct security testing properly. The course includes a number of supervised workshop sessions where vulnerabilities, tools and techniques are examined by the student. These theory and practical sessions walk a student through a step-by-step security test of a sample organisation or platform architecture, prior to the certified examination on the final day.
Certification Requirements
OPST certification requires a grade of D (60%) or better for certification. Each certificate is accompanied by a transcript which reflects the grade and areas of strengths and weaknesses. The grade of A (90% or better) includes a seal of excellence.
To request further information and receive a detailed OPST course brochure please contact training@digitalassurance.com