OSCP Subunit
Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution (successor of BackTrack). The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

Recertification

The OSCP does not require recertification.

Relations to other security trainings or exams

Successful completion of the OSCP exam qualifies the student for 40 (ISC)² ...

Online Certificate Status Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed "OCSP responders". Some web browsers (Firefox) use OCSP to validate HTTPS certificates, while others have disabled it. Most OCSP revocation statuses on the Internet disappear soon after certificate expiration.

Comparison to CRLs

* Since an OCSP response contains less data than a typical certificate revocation list (CRL), it puts less burden on network and client resources.
* Since an OCSP response has less data to parse ...


White Hat (computer Security)
A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission. White-hat hackers may also work in teams called "sneakers and/or hacker clubs", red teams, or tiger teams.

History

One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force, in which the Multics operating systems were tested for "potential use as a two-level (secret/top secret) system." The evaluation deter ...


Professional Certification
Professional certification, trade certification, or professional designation, often called simply "certification" or "qualification", is a designation earned by a person to assure qualification to perform a job or task. Not all certifications that use post-nominal letters are an acknowledgement of educational achievement, or an agency appointed to safeguard the public interest.

Overview

A certification is a third-party attestation of an individual's level of knowledge or proficiency in a certain industry or profession. They are granted by authorities in the field, such as professional societies and universities, or by private certificate-granting agencies. Most certifications are time-limited; some expire after a period of time (e.g., the lifetime of a product that required certification for use), while others can be renewed indefinitely as long as certain requirements are met. Renewal usually requires ongoing education to remain up-to-date on advancements in the field, evid ...


Offensive Security
Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies. The company also provides training courses and certifications.

Background and history

Mati Aharoni, Offensive Security's co-founder, started the business around 2006 with his wife Iris. Offensive Security LLC was formed in 2008. The company was structured as Offensive Security Services, LLC in 2012 in North Carolina. In September 2019 the company received its first venture capital investment, from Spectrum Equity, and CEO Ning Wang replaced ...




Penetration Testing
A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. The process typically identifies the target systems and a particular goal, then reviews available information and undertakes various means to attain that goal. A penetration test target may be a white box (about which background and system information are provided in advance to the tester) or a black box (about which only basic information—if any—other than the company name is provided). A gray box penetration test is a combination of the two (where limited knowledge of the target is sh ...

Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. Kali Linux has around 600 penetration-testing programs (tools), including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), Metasploit (penetration testing framework), John the Ripper (a password cracker), sqlmap (automatic SQL injection and database takeover tool), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp Suite and OWASP ZAP web application security scanners, etc. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. The name was inspired by the Hindu goddess Kali. Kali Linux is based on the Debian Testing branch. Most packages Kali uses are imported from the Debian repositories. Kali Linux's pop ...


BackTrack
BackTrack was a Linux distribution that focused on security, based on the Knoppix Linux distribution aimed at digital forensics and penetration testing use. In March 2013, the Offensive Security team rebuilt BackTrack around the Debian distribution and released it under the name Kali Linux.

History

The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:
* WHAX: a Slax-based Linux distribution developed by Mati Aharoni, a security consultant. Earlier versions of WHAX were called Whoppix and were based on Knoppix.
* Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.

On January 9, 2010, BackTrack 4 improved hardware support, and added official FluxBox support. The overlap with Auditor and WHAX in purpose and in collection of tools partly led to the merger. The overlap was done based on Ubuntu ...


Network World
International Data Group (IDG, Inc.) is a market intelligence and demand generation company focused on the technology industry. IDG, Inc.’s mission is centered around supporting the technology industry through research, data, marketing technology, and insights that help create and sustain relationships between businesses. IDG, Inc. is wholly owned by Blackstone and is led by Mohamad Ali, who was appointed CEO of the company in 2019. Ali serves on IDG, Inc.’s leadership team along with IDC President Crawford Del Prete, IDG, Inc.’s Chief Financial Officer Donna Marr, and Foundry President Kumaran Ramanathan. IDG, Inc. is headquartered in Needham, MA and is parent company to both International Data Corporation (IDC) and Foundry (formerly IDG Communications).

History

International Data Group was initially founded as International Data Corporate (IDC) in 1964 by Patrick Joseph McGovern, shortly after he had graduated from the Massachusetts Institute of Technology (MIT). Bas ...

Information Assurance Technology Analysis Center
Information Assurance Technology Analysis Center (IATAC) is a United States Department of Defense (DoD) Government Organization. IATAC is an Information Assurance and Cyber Security (CS) Information Analysis Center (IAC), which is administered by the Defense Technical Information Center (DTIC). IATAC aims to provide knowledge needed to develop network defenses in a timely manner. IATAC has an IA scope including research, acquisition, testing, demonstration, operational implementation or logistics. IATAC provides access to IA/CS, Defensive Information Operations (DIO), and Defensive Information Warfare (DIW) security tools, situational awareness resources, and training. This organization was consolidated into the Cyber Security and Information Systems Information Analysis Center (CSISAC). IATAC's mission, like the other IACs in the DTIC IAC Program, is: “To provide the Department of Defense (DoD) a central point of access for information on IA and CS (IA/CS), emerging techno ...


(ISC)²
The International Information System Security Certification Consortium, or (ISC)², is a non-profit organization which specializes in training and certifications for cybersecurity professionals. It has been described as the "world's largest IT security organization". The most widely known certification offered by (ISC)² is the Certified Information Systems Security Professional (CISSP) certification. ("(ISC)² releases government program for conference in Philly alongside ASIS", GSN: Government Security News.)


History

In the mid-1980s a need arose for a standardized and vendor-neutral certification program that provided structure and demonstrated competence in the field of IT security, and several professional societies recognized that certification programs attesti ...




Continuing Professional Development
Professional development is learning to earn or maintain professional credentials such as academic degrees to formal coursework, attending conferences, and informal learning opportunities situated in practice. It has been described as intensive and collaborative, ideally incorporating an evaluative stage. There is a variety of approaches to professional development, including consultation, coaching, communities of practice, lesson study, mentoring, reflective supervision and technical assistance. (National Professional Development Center on Inclusion (2008), "What do we mean by professional development in the early childhood field?" Chapel Hill: The University of North Carolina, FPG Child Development Institute.)

History

The University of Management and Technology notes the use of the phrase "professional development" from 1857 onwards. In the training of school staff in the United States, "[t]he need for professional development ... came to the forefront in the 1960s". Participants ...

BSI Group
The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies certification and standards-related services to businesses.

History

BSI was founded as the Engineering Standards Committee in London in 1901 (Robert C McWilliam, BSI: The first hundred years, 2001, Thanet Press, London). It subsequently extended its standardization work and became the British Engineering Standards Association in 1918, adopting the name British Standards Institution in 1931 after receiving a Royal Charter in 1929. In 1998 a revision of the Charter enabled the organization to diversify and acquire other businesses, and the trading name was changed to BSI Group. The Group now operates in 195 countries. The core business remains standards and standards related services, although the majority of the Group's revenue comes from management systems assessment and certification work. In ...