Hi all ,

Presently i am working as software professional . But i am very much intrested in Security . I am planning to do CEH Certification . Can you please share your thoughts on this .How it will be helpful as a fresher to security field .  Can you recommend any other security certification after CEH to become professional in this security field .

your suggesions are more valueable to me and my career 

bwahahahahaha!  (wow)

Proof:
http://i.imgur.com/tD7w4.png

As the right answer is: Sanitize user-input in SQL queries with e.g., mysql_real_escape_string($var); in PHP (aka SDLC / Secure Development LifeCycle), but it doesn't exist in the CEHv6 courseware by Skillsoft, I had to use the possible answers the best way I could.

Explanations to the possible answers and my choices:
- Enforce the use of strong passwords and typing: It's just simply wrong
- Ensure that HTML placeholders in URLs are replaced with symbols: I read this as "encode (sanitize) user-input so < becomes &lt;". The problem is that they don't use the language anyone else use.
- Grant user unlimited login attempts: I knew this would be wrong no matter what.
- Append all quotes sent to clients: This was a bit weird, but I read it as: "Append a backslash to quotes and apostrophes, sent BY clients / users." That, did make sense, even though it does not protect against SQL Injection. (Double-byte characters can bypass this.)
- Limit the allowed number of failed login attempts: I have no idea why this is right, as login attempts has nothing to do with SQL Injection. According to Skillsoft, it does.

As I know you can't have just 1 right in the Skillsoft tests, when it's multi-choice questions, I had to choose at least 2. (Sometimes 3)


When I read my first possible choice of answer again, a few months later, I can see that it can be interpreted as: Replace &quot; with " , and that is of course wrong.  



You can change the user-agent of most tools and thereby fool websites to allow you access anyway, I've used this quite a lot when websites say: "You cannot access this website unless you use Internet Explorer", oh yeah? *Changes user-agent* Oh yes we can!  

It sounds a bit crazy about the web app test, but I have seen it on a few sites, often those that are poorly coded, or using ActiveX plugins that won't make the website work without.  

The funny thing is IE doesn't follow HTML coding standards anyway, so it's somewhat a joke to make a website specially compatible with only IE, even though many users, unfortunately still use IE.  

It was the latter. You literally couldn't do anything without IE; it wasn't just checking the user agent or something simple like that.

Hi, I am a relative newbie myself and have already taken and passed the CEH V7 and sincerely wouldn't recommend it to anyone not even for getting past HR.

The course materials as previously stated are full of bloat and errors and their forum is out of date. One of the other problems for a beginner is where to start and the CEH way is here is an encyclopedia of hacking, get on with it but without any particular focus or depth in any area. The exam is a multiple choice exam and has no practical element.

Feeling let down and luckily for me having some more money in my training budget I decided to take the eLearnSecurity professional course which is also suitable for beginners.

Now in my opinion this course is bias towards web hacking but it did cover other areas and overall I found it excellent and great exposure going forward.

The exam for this course is a practical exam and students are expected to conduct a pentest and submit a report. There is plenty of help and support available from the course providers also which is good for a beginner.

So for a beginner certification I can readily recommend this as a starting point.

What you could also do before parting with any cash is to work through all of the free insecure virtual machines which are available on the internet for example

BadStore
Damn Vulnerable Web App
Hacme Series from Foundstone
De-Ice
WebGoat

Hope that helps...