Web App Pen Testing training

    • #8023
      waynegs
      Participant

      Can anyone recommend some web application pen testing training that is not quite as expensive as the SANS classes?

      I would love to find some online live or recorded instructor-led classes.

      Thanks,

      Wayne

    • #50838
      UNIX
      Participant

      You could take a look at Offensive Security’s “Advanced Web Attacks” course. As far as I know it might be available in an online format by the end of the year. I assume it will be in the same price range as their other online courses.

    • #50839
      ziggy_567
      Participant

      eLearnSecurity

      http://www.elearnsecurity.com/

      You’ll find many reviews on this site.

    • #50840
      lorddicranius
      Participant

      @ziggy_567 wrote:

      eLearnSecurity

      http://www.elearnsecurity.com/

      You’ll find many reviews on this site.

      I’ll second eLearnSecurity.  Great course material, very helpful labs.

    • #50841
      sh4d0wmanPP
      Participant

      I’m currently doing eCPPT and it’s fun. The main reason was its focus on web pentesting. Furthermore, it is a nice warm-up for the OSCP certification if you want to go that way.

      The course content consists of an OS/Application section, a WebApp section and a Network section. For me, most material I knew already; however, I picked up a few new things and have gained a better understanding of the webapp pentesting part (I prefer OS/applications though haha). Did not write the exam report yet but am getting there.

      Any questions? Let me know. Also get the Web Application Hacker's Handbook, 2nd edition; it covers a lot of the same info as this course.

    • #50842
      Dark_Knight
      Participant

      @waynegs wrote:

      Can anyone recommend some web application pen testing training that is not quite as expensive as the SANS classes?

      I would love to find some online live or recorded instructor-led classes.

      Thanks,

      Wayne

      WAHH2 – http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

    • #50843
      dynamik
      Participant

      +1 to WAHH2 and the corresponding MDSec labs.

      eLearn has good web app material, and is certainly a good starting place, but it doesn’t have the same breadth and depth.

    • #50844
      m0wgli
      Participant

      I’d agree with the above suggestions.

      One of the members here (tturner) recently took the CSTP: Certified Security Testing Professional course and posted a review on his blog:

      http://sentinel24.com/blog/7-safe-certified-security-testing-professional-review/#MyConclusion

      I’ve also seen a course offered by the Samurai Web Testing Framework, although I haven’t taken the instructor-led training. However, they do publish the course slides and I worked through them and found them quite useful to build off of:

      http://sourceforge.net/projects/samurai/files/SamuraiWTF%20Course/

    • #50845
      tturner
      Participant

      I’d highly recommend Jeremy Druin’s video series and Mutillidae. 79 videos and counting!

      http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

      Also OWASP has a bunch of great materials as well. Here’s a link to the OWASP education project: https://www.owasp.org/index.php/Category:OWASP_Education_Project and OWASP has teamed with Security Innovation to make OWASP Team Mentor available, which is a nice resource: http://owasp.teammentor.net/teamMentor and then a free hacking lab for OWASP Top 10 at https://www.hacking-lab.com/events/registerform.html?eventid=245

      Don’t forget http://www.securitytube.net/tags/web . I also highly recommend WAHHv2. I have not done the MDSEC labs and have heard good things but I was focusing on free resources here.

    • #50846
      tturner
      Participant

      @m0wgli wrote:

      One of the members here (tturner) recently took the CSTP: Certified Security Testing Professional course and posted a review on his blog:

      http://sentinel24.com/blog/7-safe-certified-security-testing-professional-review/#MyConclusion

      Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn’t win an ethicalhacker.net contest I mean)

    • #50847
      m0wgli
      Participant

      Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn’t win an ethicalhacker.net contest I mean)

      @tturner I thought it worth mentioning as it’s a well written review. I recently took the CSTA course (in the UK) and was really impressed with the quality of the course materials as well as the instructors (Jerome/Owen).

      @waynegs You may be aware of these already, but there are lots of vulnerable-by-design webapps available for learning. Using these in conjunction with the WAHH2 you can learn a lot.

      The link below has most of the well known ones:

      http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html

      Another recent addition not included in the link above, which is worth a look:

      https://hack.me/

    • #50848
      Seen
      Participant

      Just to reiterate what’s already been said, I’ve told several people that the eLearnSecurity course is the best entry-level web security course out there.

      It provides such a good foundation.  After taking the course, I started reading the WAHH, and I found the material in the book much easier to understand because of what I learned from the eCPPT.

    • #50849
      jinwald12
      Participant

      For practicing and learning SQL injection I recommend this lab on a LAMP server: https://github.com/Audi-1/sqli-labs and if you get stuck, the developer of these labs has video tutorials on Security Tube.


Copyright ©2020 Caendra, Inc.
