offensive security - OSWA

has any one here taken this cert?
what are your feeling on it?
it looks interesting and id love to take it but there is very little out there about this one and id love to see what every one else thought about it
what are your feeling on it?
it looks interesting and id love to take it but there is very little out there about this one and id love to see what every one else thought about it
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers:
WGU MS IT Management: done ... double woot :cheers:
Comments
its odd on one page they call it OSWA and on another they call it OSWP
WGU MS IT Management: done ... double woot :cheers:
1). Wireless is the ugly step child of security. There is no professional demand for it. Wireless hacking is more of a novelty than a professional security discipline.
2). The scope of wireless security doesn't really warrant a need for penetration testing. Best practice configurations for wireless are the same across the board. The results of pen-tests against web apps can be difficult to predict before the pen-test is performed. It is a useful practice because it can actually help to identify weaknesses and vulnerabilities. This is not the case with wireless configurations. If you disclose to me the configurations of your wireless access point, I can identify the problems and tell you exactly how a penetration test would go...without even performing one. Wireless security comes down to a few basic principles...
- If you rely solely on MAC filtering to protect against unauthorized access...you're stupid
- If you think that not broadcasting your SSID actually provides anonymity and obscurity...you're stupid
- If you implement WEP...you're stupid
- If you implement WPA with RC4 encryption...you're stupid
- If you implement WPA2/AES without a sufficiently complex passphrase...you're stupid
- If you don't periodically change your SSID...you're stupid
- If you keep the router default configurations...you're stupid
- If you don't restrict physical access to your WAP...you're stupid
That's about the extent of security, as it is addressed by OSWP. And none of these best practices require a penetration test to verify.
WGU MS IT Management: done ... double woot :cheers:
http://www.kimiushida.com/bitsandpieces/ramblings/review_offensive_security_backtrack_wifu/
im still kinda on the fence about it. im really torn between this or CEH
WGU MS IT Management: done ... double woot :cheers: