.

What do you think of SANS Penetration Testing and Ethical Hacking training

<<

janugu

Newbie
Newbie

Posts: 3

Joined: Wed Feb 02, 2011 8:54 am

Post Wed Feb 02, 2011 9:06 am

What do you think of SANS Penetration Testing and Ethical Hacking training

Hi there,

I have been working as a QA tester (from development background) and am thinking to change my carrier path to Penetration Testing. I was wondering how you think of SANS training. Is it really practical as they claim on their website? Will I able to get a job as a pen tester after?

I am also interested in wireless security as well? I believe SANS offers "Web" and "Wireless" pen testing training.

Any advice and feedback will be welcome.

Thank you very much for your help in advance!
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Feb 02, 2011 9:46 am

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

I would rather do WiFu+OSWP from Offensive Security, cheaper but the quality to content ratio is also most likely higher, and a lot more technical, so be prepared to get into the details :D

The Web Application Security courses from SANS are okay, from what I heard (from people who did them) and read (on their website and blogs). But the things you learn are basic, and won't get you that near a real hacker within "WebAppSec". Unfortunately, I don't know any courses within this category I can recommend yet, but check out a few of my blog entries if you're going into this category within WebAppSec, you might enjoy them if you don't already know them  ;)

Link: http://www.exploit-db.com/category/maxe/

Anyway, if you want to do Penetration Testing you should be prepared to learn a lot, and also enjoy it with passion even in your time off work if you want to be really good  ;D But that is of course just my opinion and I'm glad to hear another person is getting hopefully into serious pentesting as well.
I'm an InterN0T'er
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Feb 02, 2011 12:01 pm

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

The SANS certs will help with HR filters. To an extent. But that's kind of the point of all certs and degrees. To show you can put up with BS / while investing in your own education. They make you look better, while saying you can jump through hoops instead of plowing through them.
OSWP, Sec+
<<

janugu

Newbie
Newbie

Posts: 3

Joined: Wed Feb 02, 2011 8:54 am

Post Wed Feb 02, 2011 12:49 pm

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

Thanks very much for your advice!

I checked out WiFu+OSWP and it does seem interesting and much cheaper than other training.

I have some concerns about the prerequisites though... Because I only have basic knowledge of TCP/IP, Networking and Linux since I was a .net devleoper. Do you think I will be okay with my experience to take these courses?

MaXe wrote:I would rather do WiFu+OSWP from Offensive Security, cheaper but the quality to content ratio is also most likely higher, and a lot more technical, so be prepared to get into the details :D

The Web Application Security courses from SANS are okay, from what I heard (from people who did them) and read (on their website and blogs). But the things you learn are basic, and won't get you that near a real hacker within "WebAppSec". Unfortunately, I don't know any courses within this category I can recommend yet, but check out a few of my blog entries if you're going into this category within WebAppSec, you might enjoy them if you don't already know them  ;)

Link: http://www.exploit-db.com/category/maxe/

Anyway, if you want to do Penetration Testing you should be prepared to learn a lot, and also enjoy it with passion even in your time off work if you want to be really good  ;D But that is of course just my opinion and I'm glad to hear another person is getting hopefully into serious pentesting as well.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Feb 02, 2011 1:22 pm

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

Do you think I will be okay with my experience to take these courses?


I think you will be a perfect fit into the WiFu+OSWP course. I hear they actually teach you the basics and take you from there on out with attacking wifi access points. I'm sure you qualify for the pre-reqs by just having a general understanding of what you mentioned you know. Their syllabus can be found below entailing other pre-requisites one should have before entering:

http://www.offensive-security.com/documentation/wifu-syllabus.pdf

I believe SANS offers "Web" and "Wireless" pen testing training.


Since your just wanting to get your feet in the door, I'm sure you could go the SANS route, but if your looking for a cheaper price and more at a beginner friendly level, LearnSecurityOnline has a cheap course with no certification offer entitled, "So You Want To Be A WebApp Pentester". eLearnSecurity may also be another great resource for you to check out - they're affordable, beginner friendly, have a solid web application security module built, and you would get introduced into other topics too like network and system security. Just wanted to let you know you do have other options; but if you do have the cash SANS certs are indeed respected.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Wed Feb 02, 2011 3:24 pm

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

janugu wrote:Hi there,

I have been working as a QA tester (from development background) and am thinking to change my carrier path to Penetration Testing. I was wondering how you think of SANS training. Is it really practical as they claim on their website? Will I able to get a job as a pen tester after?

I am also interested in wireless security as well? I believe SANS offers "Web" and "Wireless" pen testing training.

Any advice and feedback will be welcome.

Thank you very much for your help in advance!


Sans training is very good. You won't turn into a 133t hacker when your done. But the material is very good and offers up a good foundation on which to further develop your skills.

I have done both the GPEN(Network Pentesting) and the GWAPT(Web Application Pen Testing). Both were very good.

I have also done the OSCP which is the equivalent to the SANS GPEN. The OSCP is like no other in it's class. As I have said repeatedly on this site the GPEN is good compliment to the OSCP.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Feb 02, 2011 3:47 pm

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

For the moment I would say that OSWP is outdated, look for the topics here and you'll convince yourself. I am waiting for the version 2 (if it will be one).
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 03, 2011 9:13 am

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

Welcome, ptamashahq

Out of respect, please refrain from posting the same comment to multiple pages.  One would've sufficed.

Anyway, I hope you find value here, and again, welcome.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rabray

Newbie
Newbie

Posts: 38

Joined: Mon Nov 01, 2010 2:41 pm

Post Sat Feb 05, 2011 4:40 am

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

With regards to the cheaper option at Elearn security. I am on that course at the moment. The web application assessment is very hands on. The courseware presents you with a number of concepts on the tools and techniques aswell as a number of training videos to get you off and running, with a focus on delivering a report like you would be expected to do as part of the job. The course also forces you to think for yourself, which in my opinion is a good thing.

The forums provide the main mechanism for support and do contain other useful information and a chance to submit questions, where either other students will assist or refer you to other external materials or you will get an answer from armando the trainer.

At the moment there is no official material for WiFi, but I've asked questions about this area in the forums and still recieved useful info even though its not part of the curriculum yet.

Hope this is useful.
---------------------------------------
CEH, eCPPT, MCT, MCSA, MCDST, A+, Net+

Never been the flamin type.
<<

janugu

Newbie
Newbie

Posts: 3

Joined: Wed Feb 02, 2011 8:54 am

Post Sat Feb 05, 2011 9:22 am

Re: What do you think of SANS Penetration Testing and Ethical Hacking training

Dark_Knight wrote:Sans training is very good. You won't turn into a 133t hacker when your done. But the material is very good and offers up a good foundation on which to further develop your skills.

I have done both the GPEN(Network Pentesting) and the GWAPT(Web Application Pen Testing). Both were very good.

I have also done the OSCP which is the equivalent to the SANS GPEN. The OSCP is like no other in it's class. As I have said repeatedly on this site the GPEN is good compliment to the OSCP.




First of all, thanks so much for all the valuable comments!!!

I am leaning toward SANS... But, I can't decide which one between "GPEN(Network Pentesting)" and "GWAPT(Web Application Pen Testing)". GPEN seems more intensive than GWAPT and I am not sure if my development/testing background would be enough to take that course. On the other hand, I should consider taking GWAPT in order to extend my knowledge/experience from web/windows applications.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software