OSCP is great.   I also think that some self-study will help you with web app security.  For example, you can look into Damn Vulnerable Web Application.  It has your typical web app vulnerabilities.  There are also sites like hackthissite.org.  that offer tutorials and missions for hacking web apps. 

My vote is for a new board.   There are some topics that cover physical security, or hardware security (jail-braking an iPhone for example) that don't really have anything to do with Wireless.

Sil, that's hilarious!

That depends on your input entirely.   WebScarab works from a text file template of SQL commands and such.  SQLMap has quite a few payloads, including some MSF webshells.   

WebScarab has a neat fuzzing capability, as most of proxy tools.   W3AF can also do this.  I use SQLMap primarily for automated SQL Inject testing.  I find it to be very flexible and somewhat accurate. 

I am not sure what removing Oracle from Google's search engines really accomplishes.  They aren't exactly unknown in the industry.   It certainly makes Google look stupid though.

You are absolutely correct.  I need more up to date archives.  I am going to try to make this a project.  I can't tell you how many times I have searched long and hard for some exploit code for a weird service.   Next time I needed to use the same exploit, I ended up searching again.   

You can telnet or netcat to the port, send some commands and see what it comes back with.  You can also attempt to run nmap against it see what it finds.   You should be watching the communication in Wireshark as you are doing either one of these.

netstat -anb on Windows.

I hear you!  Budget and time constraints are probably one of the biggest challenges.  Three days isn't much time. 

I use non-framework exploits.  I use any exploit I can reasonably verify won't do too much damage.  The way I look at it is the bad guys will use anything available to them. 

I usually have an archive or two on my laptop, but they are almost always too outdated.  I just forget to update them.  What I usually do is maintain an SSH account on a standard port and some odd port.  Part of pen testing is to see what egress filtering and content filtering is present on the network.  If I can't get to a site like exploit-db.com, I use my SSH account to proxy out.  This is actually another good test to see what outbound services are permitted. 

Just my thoughts.

This was the best presentation at Blackhat imho as well.

I am thinking about it.  I didn't see much info on their site about 2011, but I've always wanted to go.

Something I was told a while back was to not concentrate on the job description.   Like Sil said, you have to make a business case for your employer to hire your.  You can do this by highlighting your accomplishments, rather than day to day tasks.   If you saved the company money but running a particular project, this is much more important to a recruiter.    I list all the interesting projects I have worked on, and make it a point to explain the impact of these, like Sil indicated.