EH-Net
|
|
May 18, 2013, 06:34:42 PM
|
Show Posts
1
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Start into Web Application Security
|
on: January 16, 2013, 07:43:09 PM
|
I try to do the exercises without BurpSuite or OWASP ZAP because I want to gain the actual learning without relying on the tools.
So you know birdofbeauty11, many WebGoat exercises require a web proxy. You don't need to use the burpsuite, but you need a web proxy at the minimum... WebGoat is not always easy, but I really like it. I found it to be too "cheezy" for teaching people new to security (they think it doesn't represent a real life scenario), but I have learned a lot by looking at... the answers. I want to go back to it again and this time, not look at the answers at all. But this is nevertheless a great tool!
Thanks for the response! I will try to use WebGoat with a proxy. I have OWASP ZAP proxy installed on my computer. I will try that. I will try Mutillidae first, and build myself up. Can you explain what you did to get started in web application security or computer security, period?
3
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Start into Web Application Security
|
on: January 15, 2013, 10:17:32 PM
|
Thanks everyone for responding! I'm glad that I am not in this boat alone. (0: Just a quick note, I do have the "Web Application Handbook" (all 600+ pages of it), but haven't had a chance to sit down and read it. I am more of a hands-on type of learner, so that is why I wanted to start poking around some vulnerable apps.
While I agree that you should (will) be spending a lot of time researching about web pentesting over your career (especially at the beginning), if you want a place to start you should check out WebGoat (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project). Not only is this an exploitable image that is geared towards web applications, it's designed for all levels of expertise. The additional advantage is it'll let you know if you really want to pursue the field of web pentesting - if you can handle web goat for more than a week of exercises (WITHOUT looking up the answers), you'll probably be fine in the field.
To answer the block above, I guess I am not cut out for Web App security. I have WebGoat and it is not intuitive to me at all. I often find myself VERY confused when trying to work on the exercises because the instructions do not seem very clear to me. I try to do the exercises without BurpSuite or OWASP ZAP because I want to gain the actual learning without relying on the tools. Also, to piggy-back, what other areas of security are you guys (or gals) looking at? The reason I picked web app security was because it seemed the most interesting to me, with network security being in second. I just feel like I am putting WAY too much pressure on myself. Please respond when able. Thanks.
4
|
Ethical Hacking Discussions and Related Certifications / Web Applications / Start into Web Application Security
|
on: January 14, 2013, 11:38:21 PM
|
|
Hi,
I am trying to enter into the web application security field. I am somewhat overwhelmed because I have A LOT of vulnerable web applications (OWASP Broken Web Apps, OWASP Security Shepherd, PenTestLab), and I also enrolled in eLearnSecurity and PenTestLab.
My question is, for those in this field, what were your first steps? I clearly have a lot of information (see paragraph above), but I feel like I am not using my time in the most effective manner.
Also, I have a blog passionforpentesting.wordpress.com. I am trying to revitalize the blog again this year, and my goal is to have it as an interactive place for people who want to enter this field. If you can please go to the site (I must warn you in advance the posts are pretty bare), and give suggestions, that would be great!
I should re-iterate I REALLY want to transition over to this field, as I am an Application Developer now. This isn't a hobby that I will drop in two months, I've been trying to get into this field for over 2 years, and it seems I am always met with a brick wall...
Thanks!
5
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Difference between C|EH and eLearnSecurity
|
on: May 16, 2011, 08:45:40 AM
|
Those STRONG reviews will probably take some time before they will arrive because the latest version (v7) has been released recently. From what I know there are no Eh.net members yet who have done the completely new version of C|EH. Personally I would love to do the elearnsecurity course and write a full review about it, just like OSCP, but time is not on my side right now...
First I would like to say, thanks to everyone who responded. I have made the decision to do the eLearnSecurity. Along with the price (which was a big help), it just seems more my speed, since I am new in this field. The fact that the class is self-paced, and you can view the content at any time is an added bonus for me. Are there any eLearnSecurity reviews on this site? Thanks
6
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Difference between C|EH and eLearnSecurity
|
on: May 15, 2011, 03:00:58 PM
|
Hey birdofbeauty11, Welcome to the forums! There was a review written here awhile back on the eLearnSecurity course. It's attracted a lot of attention as being dubbed, 'What the CEH should have been'. I've taken the course last year and they seem very open to course suggestions because they're always looking to tailor the course to students' demands. They've even opened a feedback area for the eLS PTP Pro course here. The eLearnSecurity folks have added a lot to the course since that review was made and even a few more modifications since the eCPPT's on this board have taken the course. I'm personally aware employer wise, employers know the C|EH certification over the eCPPT certification currently - but as you mentioned you would be starting with the student version as opposed to the Pro course which I don't think the student course comes with the certification attempt. I haven't taken the C|EH training but I can throw out a couple obvious differences between the eLearnSecurity Penetration Tester Pro courses and the C|EH:
1. C|EH written Exam vs. eLearnSecurity's Practical Hands-On Web App Pen-Test + Report Exam
2. C|EH's focus towards introductory usages of tools vs. eLearnSecurity's in-depth sections of material (the Web-App Security section is very-well put together!)
3. eLearnSecurity offering a 5% discount to ethicalhacker.net members which can be redeemed here
4. eLearnSecurity offering a 7-day risk free guarantee
and the list could go on and on by taking the time to read and compare users' reviews of C|EH vs ELS through the eCPPT section here, and the C|EH section. Either route you choose to go, you're bound to learn something new that'll benefit your career. Good to see you aboard - if you have further questions, don't hesitate to ask!
-Kris
Kris, Thanks for the response. I think I might do the eLearnSecurity, unless I see some STRONG reviews for the C|EH.
I went back to the eLearnSecurity website, and I noticed that for $750, I can do the beginners, pro, and the certification. Like I said, I'm just leery of paying 2K, and I can get the same information for cheaper. Let me know your thoughts. Thanks
7
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Difference between C|EH and eLearnSecurity
|
on: May 15, 2011, 11:18:09 AM
|
|
Hello everyone,
I am new to the information security field, and would like to go into penetration testing. At this time, I have a Masters in Computer Science and a graduate certificate in Information Security and Privacy from UNC Charlotte.
I was doing research and I came across eLearnSecurity class on pentesting. (At this time I would have to do the student version and work my way up to the pro version), and found the content interesting, and was really impressed with the price along with being able to have lifelong access to the material.
Then I came to this site, and noticed that people were writing about C|EH. After going to their site, I found their information to be impressive as well. The only drawback is the price... $2K (I want to do the self-paced class since I will work full-time). I also read reviews where people said this cert was too easy, and that employers did not really value this cert. So I am nervous about spending 2K on a class that may or may not be beneficial.
I know some people may say, "Why are they so concerned with price?" It's because I will pay for this out of my own pocket. I can sleep easy at night over $700, but it would be a little harder over 2K.
At this point, I was more inline to do the C|EH because it seemed more suitable for a beginner (which is what I will be, since I have not done any pentesting before) and it seems to cover a lot of ground.
Are there websites that compare C|EH and the pentesting of eLearnSecurity? Or is this comparing apples to oranges?
If someone can send me a response, that would be great.
Note: If this question was asked before, I would like to apologize for a repost. I looked through the different forum topics and did not see this question posed.
Thanks