offensive security - OSWA

demonfurbie

has any one here taken this cert?

what are your feeling on it?

it looks interesting and id love to take it but there is very little out there about this one and id love to see what every one else thought about it

the_hutch

I assume you referring to OSWE? As far as I know, OffSec doesn't offer an OSWA. But as far as OSWE goes, I'm sure its a great course. The biggest reason I don't see myself ever taking it is that it is not offered online. Based on the description, I think it would be foolish to take it without first having completed OSCP and OSCE, which both focus heavily on web application exploitation.

demonfurbie

it the wireless attack cert

its odd on one page they call it OSWA and on another they call it OSWP

the_hutch

Ah...the wireless one huh? I'd say OSWP is correct, just because that is how it is listed on OffSec's site. And they are the one's that issue the cert

the_hutch

As far as wireless attacks go, I think they are interesting but I don't really see a point in getting professional cert in it. I say that for two reasons:

1). Wireless is the ugly step child of security. There is no professional demand for it. Wireless hacking is more of a novelty than a professional security discipline.

2). The scope of wireless security doesn't really warrant a need for penetration testing. Best practice configurations for wireless are the same across the board. The results of pen-tests against web apps can be difficult to predict before the pen-test is performed. It is a useful practice because it can actually help to identify weaknesses and vulnerabilities. This is not the case with wireless configurations. If you disclose to me the configurations of your wireless access point, I can identify the problems and tell you exactly how a penetration test would go...without even performing one. Wireless security comes down to a few basic principles...
- If you rely solely on MAC filtering to protect against unauthorized access...you're stupid
- If you think that not broadcasting your SSID actually provides anonymity and obscurity...you're stupid
- If you implement WEP...you're stupid
- If you implement WPA with RC4 encryption...you're stupid
- If you implement WPA2/AES without a sufficiently complex passphrase...you're stupid
- If you don't periodically change your SSID...you're stupid
- If you keep the router default configurations...you're stupid
- If you don't restrict physical access to your WAP...you're stupid

That's about the extent of security, as it is addressed by OSWP. And none of these best practices require a penetration test to verify.

the_hutch

That being said, if OffSec did include other areas of wireless security, besides just IEEE 802.11 standards, to include bluetooth, RFID, emissions reconstitution, etc... the course might be more appealing to me. But as is...I have little interest.

demonfurbie

i was looking at it as a stepping stone for something a little bit more than sec+

the_hutch

Honestly, for anyone interested in OffSec...I'd say start with OSCP. Personally, I'm planning on trying my hand at it after I finish some preliminary work (SPSE and SecTube Assembly Primer)

docrice

I wrote a review a while back:

http://www.kimiushida.com/bitsandpieces/ramblings/review_offensive_security_backtrack_wifu/

demonfurbie

nice review it looks like something that i may go for

im still kinda on the fence about it. im really torn between this or CEH