Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Advanced Penetration Testing Course Due To Open In London

SANS Institute : 04 November, 2010  (New Product)
The SANS Institute is launching its ethical hacking and advanced penetration testing course this month in the UK
In London this November, the SANS Institute will unveil its most advanced course within Penetration Testing and Ethical Hacking with the new Security 660 which has been created with the assistance of the Council of Registered Ethical Security Tester (CREST).

The course is a response to a skills gap indentified by CREST which has one of the most rigorous examination programs within the IT industry. The failure rate of more than 50% for the CREST examinations, is the view of Ian Glover, President of CREST, "due to the exacting nature of the criteria which generally assumes a penetration tester has at least 5 years experience at the Certified level and two years at the Registered level - even then, the complexity and specialisations needed within a constantly evolving environment makes them an extremely challenging set of exams."

In response, last year CREST approached SANS and a number of other training providers with a market requirement for several courses which it felt would help fill the skill gap that was present for professional penetration testers. "The 660, we feel, is a good starting point for anybody who is considering applying for a CREST exam, it will provide a good grounding for those wishing to sit the CREST Registered tester qualification and will help with any skill gaps that exist at a CREST Certified Tester level" explains Glover, "But it is not a case of you do this course and you automatically pass - we believe it will help experienced practitioners focus themselves on the areas where they need to do further independent study and to utilise these skills in a practical environment to gain the required level of competence to meet the required standard."

CREST also retests professionals every 3 years which means that a constant refreshing of skills that are relevant to current best practice and threats is essential, 'it is our job to ensure that anyone employing a CREST qualified individual can be confident in their skill and competence to the work', says Ian Glover.

The SANS SEC660 Advanced Penetration Testing, Exploits, and Ethical Hacking is an advanced course aimed at bridging the gap between standard penetration testing techniques and the skills required by those desiring to serve as a senior penetration tester, security consultant, or researcher. This six day course builds from concepts learned in SANS SEC560 Network Penetration Testing & Ethical Hacking and enables students to apply the knowledge gained immediately.

The course has three main strands. The first is UNIX Penetration Testing and covers a number of advanced areas such as Compensating for OS security controls such as ASLR, W^X, and canaries. The Windows Domain Penetration Testing strand looks at several areas including exploiting trust relationships and breaking out of a locked RDP session. The Attacking Networking Technologies strand examines techniques such as fuzzing network services and bypassing and attacking Network Access Control (NAC).

The course author and teacher is Stephen Sims, an industry expert with over 15 years of experience in information technology and security. Stephen currently works at Wells Fargo in San Francisco as a Security Architect and has spent several years performing exploit development and reverse engineering.

Stephen has an MS in Information Assurance and holds the GIAC Security Expert (GSE) certification, as well as the CISSP, CISA, Immunity NOP, and many other certifications. "Attackers are almost always one step ahead and are relying on our nature to become complacent with controls we work so hard to deploy," explains Sims, "This course was written to keep you from making mistakes others have made, teach you cutting edge tricks to thoroughly evaluate a target, and provide you with the skills to jump into exploit development."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo