Hi H1t M0nk3y,

A colleague currently is in the 3rd week of the GWAPT course and he is not satisfied with the level of the course so far.

Regarding the other courses, I have no references.

@mambru Did you colleague say why he is not satisfied with the GWAPT course? I am curious why...

@xXxKrisxXx Thanks, I did forget about it! In the course description, they say:

I wonder what is the difference with this course and, let say, buying 6 or 7 books...

I think I am gonna take it. For $300, you can't go wrong. I will write a review as soon as I am done, probably late in September.

He says the technical level is far too low. Also, both instructors (Kevin Johnson & Set Misenar) spend too much time in simple things, while other important aspects are almost skipped.

I'm currently taking it, and I find it rather informative with in depth descriptions and good examples of tool usage. I haven't finished all modules yet due to being busy, but the material never expires and you can start the certification process whenever you're ready.

You can also read the review here:
http://www.ethicalhacker.net/content/view/307/24/

I'm currently taking the eLearnSecurity course too but you've got to remember he's looking for a more predominant focus in web application attack course. While the web application attacks section is the best section compared to other sections, it'd have slides in the course that H1t M0nk3y would most likely know (this just judging from the certifications in his signature). Essentially he'd put out the money for the course to be mainly interested in the web application section and for the certification you have to pentest a vulnerable web-app.

Heorot's 3DCPT also looked pretty interesting:
http://heorot.net/3dcpt/

Fixed: Typo

I recently did the course and I felt it served as a very good introduction to the world of web application pen testing. That wasn't my experience. I will admit that there were areas where I would have preferred if more information was provided. But then that happens in almost ALL courses. I was fairly satisfied with the technical content.

@mambru and @Dark_Knight: I appreciate your comments!

I think I will go through some books instead for the next few months. I haven't seen anything convincing so far. Again, I pay everything myself and before putting $4000 on a course + travel or pay $500 for a bunch of PDFs, I may as well read a few books!

I am pushing right now! 

I will go through a few books on web app pentests and I will see. I may then by a GWAPT practice exam and see where I stand. I did that for GSEC and finally passed the exam without the course!

Thank you everyone for your comments!