.

Best WebApp Pentest Course?

<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Mon Jul 12, 2010 9:31 am

Best WebApp Pentest Course?

Hi,

I will soon be ready to take a Web Application penetration testing course. My goal is to learn in-depth web app security. I have been a web app developer for 10 years and I have been in the security field for about 2 years now. So I am looking for an intermediate/advance course. I am looking on courses dedicated on web apps.

Also, I pay everything from my own pocket, so I am looking for the best value.

So far, I found:

  • SANS 542: Web App Penetration Testing and Ethical Hacking (GWAPT) - $4000 with the exam
  • InfoSec Institute: Learn to Pen Test and Secure Web Apps - $3825
  • BlackHat: The Web Application Hacker's Handbook - Live Edition - $1895 (late registration)
  • BlackHat: Web Application (in)Security - $1895 (late registration)

Do you know about other courses? Which one would you suggest?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Jul 12, 2010 8:55 pm

Re: Best WebApp Pentest Course?

Hi H1t M0nk3y,

A colleague currently is in the 3rd week of the GWAPT course and he is not satisfied with the level of the course so far.

Regarding the other courses, I have no references.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jul 13, 2010 12:17 am

Re: Best WebApp Pentest Course?

Don't forget the LearnSecurityOnline's course "So You Wanna Be A Web App Pentester" course. It's by far the cheapest on the list. I'd love to hear some reviews on it.

http://www.learnsecurityonline.com/offerings/courses/224-so-you-wanna-be-a-webapp-pentester
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Jul 13, 2010 6:32 am

Re: Best WebApp Pentest Course?

@mambru Did you colleague say why he is not satisfied with the GWAPT course? I am curious why...

@xXxKrisxXx Thanks, I did forget about it! In the course description, they say:
How Is The Course Delivered & What Do You Get
All of the courseware will be delivered in PDF format

- 5 sets of powerpoint slides in PDF format
- 1 document (103 page course document) in PDF format
- 1 web app tools install walkthrough document
- 4 lab documents


I wonder what is the difference with this course and, let say, buying 6 or 7 books...

I think I am gonna take it. For $300, you can't go wrong. I will write a review as soon as I am done, probably late in September.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Tue Jul 13, 2010 9:12 am

Re: Best WebApp Pentest Course?

Also, there is eLearnSecurity. Web application is one of the three main focuses included in the course (System and Network security is also included). It is pretty in depth and is fairly cheap @ $599 (until the end of July). You also get a discount being an EH-Net member.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Tue Jul 13, 2010 10:13 am

Re: Best WebApp Pentest Course?

@mambru Did you colleague say why he is not satisfied with the GWAPT course? I am curious why...


He says the technical level is far too low. Also, both instructors (Kevin Johnson & Set Misenar) spend too much time in simple things, while other important aspects are almost skipped.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Jul 13, 2010 11:47 am

Re: Best WebApp Pentest Course?

@secureseven Did you take the eLearnSecurity course yourself? I looked at it the other day but I wasn't sure...

@mambru Thanks
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Tue Jul 13, 2010 11:56 am

Re: Best WebApp Pentest Course?

I'm currently taking it, and I find it rather informative with in depth descriptions and good examples of tool usage. I haven't finished all modules yet due to being busy, but the material never expires and you can start the certification process whenever you're ready.

You can also read the review here:
http://www.ethicalhacker.net/content/view/307/24/
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Jul 13, 2010 12:04 pm

Re: Best WebApp Pentest Course?

Thanks secureseven.

In the review, they said:

We contacted Armando, and he told us that there will be a completely stand-alone Web Application course on its way containing much more web hacking fu. In the meantime he is working on adding w3af into the VA section.


I will be looking forward to this!!! ;D
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jul 13, 2010 12:09 pm

Re: Best WebApp Pentest Course?

I'm currently taking the eLearnSecurity course too but you've got to remember he's looking for a more predominant focus in web application attack course. While the web application attacks section is the best section compared to other sections, it'd have slides in the course that H1t M0nk3y would most likely know (this just judging from the certifications in his signature). Essentially he'd put out the money for the course to be mainly interested in the web application section and for the certification you have to pentest a vulnerable web-app.

Heorot's 3DCPT also looked pretty interesting:
http://heorot.net/3dcpt/

Fixed: Typo
Last edited by KrisTeason on Tue Jul 13, 2010 12:11 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Jul 13, 2010 8:16 pm

Re: Best WebApp Pentest Course?

You are right xXxKrisxXx, I am really looking at a course dedicated on web app pentesting.

Heorot's 3DCPT looks indeed quite interesting, however:

Students must have successfully completed the Nidan Certified Penetration Tester course before they can attend the 3DCPT course.


I wonder if we really have to take the other course first...  :-[
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Jul 13, 2010 8:19 pm

Re: Best WebApp Pentest Course?

mambru wrote:Hi H1t M0nk3y,

A colleague currently is in the 3rd week of the GWAPT course and he is not satisfied with the level of the course so far.

Regarding the other courses, I have no references.


I recently did the course and I felt it served as a very good introduction to the world of web application pen testing.
mambru wrote:
@mambru Did you colleague say why he is not satisfied with the GWAPT course? I am curious why...


He says the technical level is far too low. Also, both instructors (Kevin Johnson & Set Misenar) spend too much time in simple things, while other important aspects are almost skipped.


That wasn't my experience. I will admit that there were areas where I would have preferred if more information was provided. But then that happens in almost ALL courses. I was fairly satisfied with the technical content.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Wed Jul 14, 2010 1:29 am

Re: Best WebApp Pentest Course?

@Dark_Knight Yeah maybe it's a good introductory course, this guy is already a GPEN and has quite some experience doing PTs
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jul 14, 2010 6:26 am

Re: Best WebApp Pentest Course?

@mambru and @Dark_Knight: I appreciate your comments!

I think I will go through some books instead for the next few months. I haven't seen anything convincing so far. Again, I pay everything myself and before putting $4000 on a course + travel or pay $500 for a bunch of PDFs, I may as well read a few books!

I am pushing right now!  ;)

I will go through a few books on web app pentests and I will see. I may then by a GWAPT practice exam and see where I stand. I did that for GSEC and finally passed the exam without the course!

Thank you everyone for your comments!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Wed Jul 14, 2010 6:39 am

Re: Best WebApp Pentest Course?

Start with The Web Application Hacker's Handbook then. It's probably the best book out there for web app hacking.
Next

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software