.

Web Hackers Handbook labs?

<<

Sinco98

Newbie
Newbie

Posts: 5

Joined: Wed Dec 14, 2011 3:35 am

Post Wed Dec 14, 2011 3:54 am

Web Hackers Handbook labs?

I am wondering if anyone has used the web hackers handbook labs from mdsec.net
<<

millwalll

Post Wed Dec 14, 2011 4:49 am

Re: Web Hackers Handbook labs?

Hi

No I have the book but I think the labs are too expensive when there are ways to test for free like webgoat,DVWA so on..

If the labs were a one off payment for a certain amount of time like $50 for a month then I would be more tempted to use them.
<<

Sinco98

Newbie
Newbie

Posts: 5

Joined: Wed Dec 14, 2011 3:35 am

Post Wed Dec 14, 2011 6:00 am

Re: Web Hackers Handbook labs?

yes that was my thinking $7 an hour (£5) seems to bit expensive when like you stated DVWA is available.

Thanks,
<<

millwalll

Post Wed Dec 14, 2011 6:57 am

Re: Web Hackers Handbook labs?

yah don't get me wrong I sure there labs are amazing and I sure they making lots money from companies who can afford $7 an hour but for someone new to the industry trying to work you way in with no money it just crazy
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Dec 14, 2011 9:28 am

Re: Web Hackers Handbook labs?

I plan to buy 10 hours of lab time. I know that thery are expensive compared to eLS or even OS*P. But, the best way of learning is by studying and doing.

In my opinion, if someone will go through the most of the labs he will be extremelly skilled. Also, consider the fact that the book is about 40$ plus 100 hours lab time is 740$. A lot, but a SANS course is more than 3000$.

I did SANS GWAPT, eLS and I have the book. Soon I will do a comparison between them.

I also think that paying by the hour will make you sweat more.  :)
Consider the following analogy: having a girfriend (pay monthly access) and "renting" a wh*re by the hour. In which case will you "give your best" and want the best ROI??  ::)
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Dec 14, 2011 10:10 am

Re: Web Hackers Handbook labs?

<grin>  That's quite the analogy, alucian!  ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

millwalll

Post Wed Dec 14, 2011 10:17 am

Re: Web Hackers Handbook labs?

That is fair comment and yes compared to most courses run by sans its really good value. I personally would rather read the book use free alternatives and the money I save by not going into the labs spend on another course that would help me develop in another area.

I guess if you want to be amazing at web apps then spending the money on it like a course would be beneficial.
<<

Sinco98

Newbie
Newbie

Posts: 5

Joined: Wed Dec 14, 2011 3:35 am

Post Thu Dec 15, 2011 3:54 am

Re: Web Hackers Handbook labs?

I suppose there is one good thing about it. You can follow it through with the book and all the examples in the book are relevant to the prac on the website.
<<

millwalll

Post Thu Dec 15, 2011 5:23 am

Re: Web Hackers Handbook labs?

Yah I think if you just wanted to learn web apps then may you could do it as course buy the book spend rest on the labs but more pen tester have to be skilled in many area I personally would buy the book use the free apps then spend other money on networking security course.
<<

alucian

User avatar

Full Member
Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Thu Dec 15, 2011 9:14 am

Re: Web Hackers Handbook labs?

@Jamie
I think that you are wrong. For example you have the chapter about session management and how to test the tokens. Then you have three labs where you can practice. Like this you'll apply what you've just read, and you'll better understand and remember.

I plan to do at least a lab from each category. If I a do OK I'll move on, otherwise I'll do another one.

If you'll read the book, and then read one about network secutiry, then wireless... you'll be cabbage. Honestly. 

At the beggining I was upset about the fact that they only give hourly access (I still think that it is too expensive). But, for lazy guys like me this will be a motivation to really use that hour.

I think that they are loosing money by putting a price so high on the lab. It is like the horses you can find in the malls. I will not pay 1$ for my kids to play 2 minutes, but I will pay 50 cents (maybe I will have them play 3 times).

I will keep you informed about the quality of the labs.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

millwalll

Post Thu Dec 15, 2011 11:28 am

Re: Web Hackers Handbook labs?

I agree with you that the price and book make sense if you look at it as a course. However IMO I would not pay for the labs as I think there are lots of free alternatives where you can practice most if not all the vulnerabilities in the book.

And I think one best way to lean web security is to build your own web applications and then break them.

IMO I think the price is too high and I think they would make more if it was more affordable.
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 16, 2011 9:30 am

Re: Web Hackers Handbook labs?

Has anyone gone through all the Coliseum labs for elearnsecurity?  How do those compare?  Are there any other online labs that are perhaps a better value than the WAHH ones?
Sec+, eCPPT
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Dec 16, 2011 10:22 am

Re: Web Hackers Handbook labs?

I thought the eLS Coliseum Labs were great.  They really helped me learn and remember the techniques that were taught during the course, and actually seeing what happens when you exploit a vuln helped a lot as well.  The stories that went along with each battle made it fun too.

I haven't done the WAHH labs though, so I can't compare the two.  But I can say that the eLS Labs are definitely worth it.

eLS = $99 for a month access
WAHH - At $7/hr, 2 hours a night, you'll get to $98 spent by the end of one week.
GSEC, eCPPT, Sec+
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 16, 2011 2:16 pm

Re: Web Hackers Handbook labs?

I think there were 10-20 eLS labs when I went through it during my course, I was just wondering how many there are now if anyone knows.
Sec+, eCPPT
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 16, 2011 2:20 pm

Re: Web Hackers Handbook labs?

Never mind, I found a description on the website, looks to be a few new labs from when I did it.
Sec+, eCPPT
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software