EH-Net

HI all,

Can anyone recommended a good online course for web testing?

I recently emailed back and forth with Joe McCray.  I know he's currently doing a revamp on his 'So You Want To Be A Web App Pentester."  Might be worth checking in with him, to see where it stands.

Thanks have you done the course ? or has anyone ? what was it like ? I was also looking at mile 2 course Certified Secure Web Application Engineer  as they offering 50% off it work out about £170 has anyone done this ?

I'm doing CSWAE now but am not very far into it. So far it looks good except the videos are taken from a live class and there's one student who keeps asking annoying questions.

I've had heard a lot of people say eCCPT has a really good web pentesting portion. I dont know if you're looking for a cert but incase you're not..you can just take the eCPPT course.

ElearnSecurity is a good base web attack training.

impelse,

have you took the course?

I saw that and it definitely looks good.  I think he teaches how to go somewhat undetected also.  I think the price would be the only thing that holds me back from his course but it is probably worth it.

Agoonie what was the price of the course ?

I have looked at ElearnSecurity but in order to do the pro course it cost $599 or three payment what work out $650 that is a lot of money compared to the mile2 course at $250 and its only really web stuff I need to learn ASAP.

Does anyone know why with ElearnSecurity if you do the pay monthly its more expensive ? I think this little off putting IMO if it was same price I would be more tempted to do it.

Also does anyone know if you pay monthly do you still get the 5% off ?

Having another certificate would be cool but I am not sure how many companies in the UK would see the value of it.

Depends of your level of knowledge and your budget.

I have done both eCPPT and SANS GWAPT. eCPPT is a very good introductory course, it covers most of the basic stuff and is has execellent presentations.

SANS goes deeper (escpecially for the client side), but it is very expensive.

If you'll pay, I suggest you to start with eCPPT, buy the new book The Web Application Hacker's Handbook, buy a license for Burp pro and you are good to go. After this you'll discover by yourself where you lack knowledge.

Also, after eCPPT, you can do OSCP (I don't see it in your signature). They also have web stuff.

If your company will pay for the course, you can go for SANS.

alucian

cool burp already have and new hacker handbook already have. I doubt my company will pay as they believe in training in house but for me I prefer to learn from watching video and then trying stuff that why I am looking at doing a course.

 

I can vouch for eLearnSecurity as well.  This is my first course diving into web app pentesting and it's very easy to understand and the forms are active with people who can help if you have questions.  Starting my exam within the next 2 weeks, I'll try and write up a review soon.

Cool it does sounds really good will have to think about it but what put me off is face it more if you pay monthly and you don't get the 5% off and money is tight :P

The one I am talking about is 2500 bucks.  It might take a minute to come up with that.  I am still saving for the OSCE which is a grand less.  I probably will end of doing it anyway since the content is that good.  :)

http://strategicsec.com/services/training-services/classroom/advanced-penetration-testing/
$2500

http://strategicsec.com/services/training-services/online/so-you-wanna-be-a-webapp-pentester/

http://strategicsec.com/services/training-services/online/so-you-wanna-be-a-pentester/

Ah cool just a little out my price range :P

I second that lol  When I'm ready for web pentesting, my vote is eCPPT. It's reasonably priced, geared towards beginners, and has credibility.

Yeah I may go for this gonna have to try save a bit cash and pay it all at once as don't want pay extra.

you can check this course

CODENAME: Samurai Skills Course

http://ninja-sec.com/index.php/samurai-skills/

This potentially looks interesting... who's going to bite the bullet and try it so they can write a review for the rest of us?  :)

It's been about 10 weeks since you posted this, but it looks like he now has March up as the next date: http://strategicsec.com/services/training-services/online/

With no current standard in Web Application Security, sooner or later someone must set one. If I believed more in using (a lot) of time making a course, would actually be successful, then I'd probably make one hehe  :)

There is however one, from Learn Security Online that seems to cover a lot, but I guess that's being remade at strategisec currently.

The course at http://ninja-sec.com/index.php/samurai-skills/ certainly looks interesting. So if anyone is considering taking the course and would be happy to provide a review that would be great :)

They actually reached out to me, last week, to review the course.  Made arrangements with them, over the weekend, and I'll be going through the course, starting this week.  I'll post a running review, as I go through it, and a full review, at the end.

Stay tuned.

Cool, I a looking forward to it hayabusa ;)

Yah be cool to see what they have to offer.

There are a few seats left on the course "The Art of exploiting SQL Injection" at Black hat Las Vegas. More details can be found here:

https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html