offensive security - OSWA

demonfurbiedemonfurbie um yea i know some stuffsMember Posts: 1,819
has any one here taken this cert?

what are your feeling on it?

it looks interesting and id love to take it but there is very little out there about this one and id love to see what every one else thought about it
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:

Comments

  • the_hutchthe_hutch Paper cranes for everyone Banned Posts: 827
    I assume you referring to OSWE? As far as I know, OffSec doesn't offer an OSWA. But as far as OSWE goes, I'm sure its a great course. The biggest reason I don't see myself ever taking it is that it is not offered online. Based on the description, I think it would be foolish to take it without first having completed OSCP and OSCE, which both focus heavily on web application exploitation.
  • demonfurbiedemonfurbie um yea i know some stuffs Member Posts: 1,819
    it the wireless attack cert

    its odd on one page they call it OSWA and on another they call it OSWP
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • the_hutchthe_hutch Paper cranes for everyone Banned Posts: 827
    Ah...the wireless one huh? I'd say OSWP is correct, just because that is how it is listed on OffSec's site. And they are the one's that issue the cert
  • the_hutchthe_hutch Paper cranes for everyone Banned Posts: 827
    As far as wireless attacks go, I think they are interesting but I don't really see a point in getting professional cert in it. I say that for two reasons:

    1). Wireless is the ugly step child of security. There is no professional demand for it. Wireless hacking is more of a novelty than a professional security discipline.

    2). The scope of wireless security doesn't really warrant a need for penetration testing. Best practice configurations for wireless are the same across the board. The results of pen-tests against web apps can be difficult to predict before the pen-test is performed. It is a useful practice because it can actually help to identify weaknesses and vulnerabilities. This is not the case with wireless configurations. If you disclose to me the configurations of your wireless access point, I can identify the problems and tell you exactly how a penetration test would go...without even performing one. Wireless security comes down to a few basic principles...
    - If you rely solely on MAC filtering to protect against unauthorized access...you're stupid
    - If you think that not broadcasting your SSID actually provides anonymity and obscurity...you're stupid
    - If you implement WEP...you're stupid
    - If you implement WPA with RC4 encryption...you're stupid
    - If you implement WPA2/AES without a sufficiently complex passphrase...you're stupid
    - If you don't periodically change your SSID...you're stupid
    - If you keep the router default configurations...you're stupid
    - If you don't restrict physical access to your WAP...you're stupid

    That's about the extent of security, as it is addressed by OSWP. And none of these best practices require a penetration test to verify.
  • the_hutchthe_hutch Paper cranes for everyone Banned Posts: 827
    That being said, if OffSec did include other areas of wireless security, besides just IEEE 802.11 standards, to include bluetooth, RFID, emissions reconstitution, etc... the course might be more appealing to me. But as is...I have little interest.
  • demonfurbiedemonfurbie um yea i know some stuffs Member Posts: 1,819
    i was looking at it as a stepping stone for something a little bit more than sec+
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • the_hutchthe_hutch Paper cranes for everyone Banned Posts: 827
    Honestly, for anyone interested in OffSec...I'd say start with OSCP. Personally, I'm planning on trying my hand at it after I finish some preliminary work (SPSE and SecTube Assembly Primer)
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
  • demonfurbiedemonfurbie um yea i know some stuffs Member Posts: 1,819
    nice review it looks like something that i may go for

    im still kinda on the fence about it. im really torn between this or CEH
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
Sign In or Register to comment.