Ethical Hacking & Penetration Testing

Post on 10-Jun-2015


Transcript of Ethical Hacking & Penetration Testing

Ethical Hacking & Penetration Testing

Bachelor Degree in Computer Engineering (CPE), Faculty of Engineering, KMUTT

18-Sep-2009

Surachai Chatchalermpun


OSSTMM • NIST (SP800-115)

Global Certificate

• EC-Council

– CEH (Certified Ethical Hacker)

– ECSA (EC-Council Certified Security Analyst)

– LPT (Licensed Penetration Tester)

• SANS GIAC (Global Information Assurance Certification)

– GPEN (GIAC Certified Penetration Tester)

– GWAPT (GIAC Web Application Penetration Tester)

• OSSTMM (The Open Source Security Testing Methodology Manual)

– OPST (OSSTMM PROFESSIONAL SECURITY TESTER ACCREDITED CERTIFICATION)

– OPSA (OSSTMM PROFESSIONAL SECURITY ANALYST ACCREDITED CERTIFICATION)

– OPSE (OSSTMM PROFESSIONAL SECURITY EXPERT ACCREDITED CERTIFICATION)

• Mile2

– CPTEngineer (Certified Pen Testing Engineer)

US Government, with standards such as the NSA Infrastructure Evaluation Methodology (IEM).

Open Web Application Security Project (OWASP) provides a framework of recommendations
