Hi there,

I have been working as a QA tester (from development background) and am thinking to change my carrier path to Penetration Testing. I was wondering how you think of SANS training. Is it really practical as they claim on their website? Will I able to get a job as a pen tester after?

I am also interested in wireless security as well? I believe SANS offers "Web" and "Wireless" pen testing training.

Any advice and feedback will be welcome.

Thank you very much for your help in advance!

The SANS certs will help with HR filters. To an extent. But that's kind of the point of all certs and degrees. To show you can put up with BS / while investing in your own education. They make you look better, while saying you can jump through hoops instead of plowing through them.

I think you will be a perfect fit into the WiFu+OSWP course. I hear they actually teach you the basics and take you from there on out with attacking wifi access points. I'm sure you qualify for the pre-reqs by just having a general understanding of what you mentioned you know. Their syllabus can be found below entailing other pre-requisites one should have before entering:

http://www.offensive-security.com/documentation/wifu-syllabus.pdf


Since your just wanting to get your feet in the door, I'm sure you could go the SANS route, but if your looking for a cheaper price and more at a beginner friendly level, LearnSecurityOnline has a cheap course with no certification offer entitled, "So You Want To Be A WebApp Pentester". eLearnSecurity may also be another great resource for you to check out - they're affordable, beginner friendly, have a solid web application security module built, and you would get introduced into other topics too like network and system security. Just wanted to let you know you do have other options; but if you do have the cash SANS certs are indeed respected.

For the moment I would say that OSWP is outdated, look for the topics here and you'll convince yourself. I am waiting for the version 2 (if it will be one).

With regards to the cheaper option at Elearn security. I am on that course at the moment. The web application assessment is very hands on. The courseware presents you with a number of concepts on the tools and techniques aswell as a number of training videos to get you off and running, with a focus on delivering a report like you would be expected to do as part of the job. The course also forces you to think for yourself, which in my opinion is a good thing.

The forums provide the main mechanism for support and do contain other useful information and a chance to submit questions, where either other students will assist or refer you to other external materials or you will get an answer from armando the trainer.

At the moment there is no official material for WiFi, but I've asked questions about this area in the forums and still recieved useful info even though its not part of the curriculum yet.

Hope this is useful.