What is ISO OPST?

The OSSTMM Professional Security Tester (OPST) is the certification internationally recognized professional for the execution and the reporting of safety tests compliant with the OSSTMM methodology ISECOM. The achievement of certification provides a decidedly practical cutting course, complete with exam final on a dedicated laboratory environment. The OSSTMM provides a complete methodological guide for execution of security checks addressed to the inside and to that outside the company perimeter.

Who should Attend?

The OPST is designed for:

  • System administrators
  • Network administrators
  • IT security managers
  • Security staff of NOC and SOC
  • Security tester
  • Security auditor
  • Security consultant

Why is OPST essential for you?

Professional to be able to perform security tests required of penetration testers and Tes er ethical hackers with the purpose of determining how to reduce the attack surface.


  • Good knowledge of the TCP / IP suite and its main protocols
  • Experience in the basic administration of * nix and Windows systems
  • Familiarity with the installation and configuration of software security verification and analysis (specifically on distributions* NIX); no experience is required of the aforementioned software basic in practical use
  • Knowledge and understanding of network architectures
  • Basic knowledge of network security systems: routers, firewalls, intrusion detection system
  • Knowledge of the dynamics of attack on information systems.


Learning objectives

The course the contents outlined below:

  • Rules of Engagement: Understand how to apply the rules of Engagement (Rules of Engagement).
  • Assessment: Learn the techniques to detect the elementsto be verified in an OSSTMM safety test in terms of delimitationobjectives, types of network and display of architectural elements.
  • Enumeration: Understanding the different types of tests to verify, according to OSSTMM methodology, data networks. Use these skills to draw a network map andregister individual structural element at the transport and application level.
  • Application: Learn the techniques necessary to identify services, applications and protocols, and the knowledge necessary for the choice of tools to be used to evaluate them.
  • Identification: Learn how to correct itand accurate identification of the various operating systems with methodsof direct solicitation, correlating the results with the informationderiving from the assessment.
  • Verification: Understanding and applying the OSSTMM methodology toprocess of identifying security restrictions and classifyingthe latter according to the metric adopted.

Exam Format:

  • Exam time: 3 hours
  • Questions: 28 multiple choice, single answer, skills-based against a remote test network.
  • Passing: 60% or better for certification. Scores of 90% or better include a seal of excellence.

General Information

  • 5 course‚Äôs days

Download the course agenda

Signup to our Newsletter!

You will always be updated on news and courses of our company