Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Educational Security Assessment project for Northern Virginia Community

from [Djiali] Network Security [Permanent Link]
Subject: Educational Security Assessment project for Northern Virginia Community College students.
Date: Mon, 24 Jan 2005 06:29:32 -0500
Good morning list,
I'm a student enrolled in the Information Systems Security Certification program offered at Northern Virginia Community College. This certification is considered a specialization for students who already have a degree in a network related field and have completed the course load required for the InfoSec certification. The final course is an independent study supervised by the most senior InfoSec faculty member. The goal of this course is to offer students real world experience in conducting a security assessment on a real company. The whole course is structured to protect both the company and students from any harm...we've had to sign an ethics contract with the college, and we will have to enter into a contractual agreement with the company we would be working with.
As the team leader, I've decided to proceed using the OSSTMM methodology for Information Systems (we're not going to try any war dialing, site surveys, or try to enter the company's physical location). From our side, we're going to conduct the port scanning, enumeration, and web application testing on the live systems, but then take the "proof of findings" stage into our test lab where we'll replicate the company's production environment and attempt to exploit any holes we find. No harm will be done to your production systems.
Now for the dilemma part. As you can imagine, it's been a little hard for us to find someone to work with...companys would rather leave their holes undiscovered then have some students do identify them for free!! I can't say that I blame them entirely...I don't know what I would do if the tables were turned. This is why I'm turning to the list...I'm hoping that if we can discuss the project with security folks who understand what we're trying to do, we'd have better luck.
In any event, if you think that you might help out a group of students trying to break into the InfoSec world, please email me directly, I have some preliminary project plans, the course syllabus which outlines everything, and of course, the contact information for our professor if you wish to contact him for validation.
Thanks!!
Wade

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  DIMVA 2005 - Final Call for Papers, Marc Heuse
Next by Date:  Paros 3.2.0 beta release, contact
Previous by Thread:  DIMVA 2005 - Final Call for Papers, Marc Heuse
Next by Thread:  Re: Educational Security Assessment project for Northern Virginia Community College students., pete
Indexes:  [Date] [Thread] [Top] [All Lists]