Class summary

This seminar prepares the attendees for applying the latest public version of the OSSTMM to include or increase security within their current activities and routines. This teaches the language, the concepts, and the know-how required for the employee to immediately put to practice these security techniques.

Agenda

• What You Need to Know About Security
  • Security, Controls, and Limitations
  • Actual Security and Compliance
• Setting Up a Security Test
  • Defining a Security Test and Scope
  • Common Test Types
  • The Operational Security Testing Process
  • Four Point Process and the Trifecta
  • Error Handling
• Working With the Methodology
  • Methodology Flow
  • The Test Modules
  • Security Tests by Channel
• How You Measure Security
  • Understanding the Rav
  • How to Make a Rav
  • Turning Test Results into an Attack Surface Measurements
  • The STAR
  • SCARE and Applying the Rav to Source Code
• What You Need to Know About Analyzing Security
  • Critical Security Thinking
• What You Need to Know About Trust Analysis
  • Understanding Trust
  • Applying Trust Rules to Security Testing
• The Big Picture
  • Building the Möbius Defense
  • Next Steps

This workshop is held by Pete Herzog – founder of ISECOM, author of the OSSTMM and a of course: He’s a veteran TROOPER.