In terms of courses, I would like to have done some of the Security Tube and Offensive-Security courses before looking at the CREST certification, as I feel these are good solid courses to have completed. However, customers want CREST, so that is what I am going for, and as a PenTest certification it is good, covering not only techniques but also preparing, managing, conducting and reporting on a PenTest, which are important aspects. Certifications like CREST will help develop a minimal level for PenTest professionals, and I wish I had the opportunities to do this when I was younger.
The main parts of the SANS course are:
- Network Penetration Testing: Planning, Scoping, and Recon
- Network Penetration Testing: Scanning
- Network Penetration Testing: Exploitation and Post Exploitation
- Network Penetration Testing: Password Attacks
- Network Penetration Testing: Wireless and Web Apps
- Penetration Testing Workshop & Capture the Flag Event
These match nicely against the CREST technical syllabus:
- Soft skills and Assessment Management
- Core Technical skills
- Background Information Gathering & Open Source
- Network Equipment
- Microsoft Windows Security Assessment
- Unix Security Assessment
- Web Technologies
- Web Testing Techniques
- Databases
In addition to SANS training in the UK, 7Safe run a couple of well-recognised PenTesting certifications:
CSTA
- Networking Refresher
- Information Discovery
- Target Scanning
- Vulnerability Assessment
- Attacking Windows
- Privilege Escalation – Windows
- Attacking Linux
- Exploiting Linux
- Retaining Access
- Covering Tracks
CSTP
- Principles
- Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Security Misconfiguration
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards
As you can see, these are a good match for the content of the CREST technical syllabus.
I will be blogging with details of my progress and the subjects I am studying.