.

Prices for Web Application Security courses, your thoughts?

<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jan 03, 2012 5:50 pm

Prices for Web Application Security courses, your thoughts?

Hi EH-netters,


Occasionally I wonder about a variety of things, and some times my questions are best answered by real people.

What I wonder is, what would you think, to be a reasonable price for 1) a beginner course (to web app sec), and 2) a more advanced course?

As I already know the prices for eLearnSecurity and Offensive Security, which I find reasonable even though I don't have enough money to pay for it myself, I wonder what you think  :)


Let me hear your thoughts, and also what you expect from 1 and 2, do you expect comprehensive courses, or courses covering the most used attack vectors? Etc.

Off topic comments are more than welcome too.



Best regards,
MaXe
I'm an InterN0T'er
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jan 03, 2012 6:32 pm

Re: Prices for Web Application Security courses, your thoughts?

It really depends on what you're offering. If you just make a PowerPoint equivalent to the Web Hackers Handbook, why would it be worth more than the $50 or so dollars for that resource? If you provide audio lectures, instructional videos, challenges/labs, etc., it could be worth significantly more. The others also have the benefit of being relatively established with a potential certification that can be listed as a credential as a resume. The possibility of opening doors provides additional value.

Something that might be interesting would be to take a piece-meal approach to the course and offer various modules (XSS, CSRF, SQLi, Advanced Oracle, Web Shells, Java, Flash, etc.) as $50-100 units. You could possibly offer bundle/subscription pricing (for new modules) as well. This would be useful for some people who may want to brush up on a couple topics, and would be disinclined from purchasing an entire course to do so. At the same time, discounts could be available for someone that wants everything (to briefly answer your original question; I'd say anything from $300-1500 is feasible, depending on what is offered.)

Regarding content, what I really want is to know everything about everything :)

Seriously though, you need to balance breadth and depth (that's what she said?). I don't want to be given a high-level overview of a bunch of topics that leaves me with little-to-no practical knowledge, nor do I want to focus on a small number of techniques in excruciating detail that would limit my effectiveness in the real world (i.e. I can only compromise an app in specific scenarios/configurations, even though many other avenues may be available). If you could find content that satisfies the 80/20 Rule/Pareto Principle (80% of the compromises are achieved through 20% of these known vectors/techniques), you'd be off to a good start.

Furthermore, I want to apply what I learn ASAP. You don't need a full-featured application for every point, but something like a collection of PHP scripts would be useful. For example, when discussing XSS, the first script could just take echo the 'q' GET variable back to the user, the second would apply basic filtering and require some encoding, and so on. I really appreciate exercises that reinforce what I'm learning and show me how they can actually be applied/executed.

That was a bit of a ramble, but I HTH.
The day you stop learning is the day you start becoming obsolete.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jan 03, 2012 7:47 pm

Re: Prices for Web Application Security courses, your thoughts?

Impressive and very detailed (and nice) reply dynamik, and of course I wasn't talking about a powerpoint presentation of the web hackers handbook, but at least several hours (at least 3-5) of video demonstrations with a PDF file containing some of the background and of course code examples, poc's, etc. Thanks  :)
I'm an InterN0T'er
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Jan 03, 2012 10:27 pm

Re: Prices for Web Application Security courses, your thoughts?

No problem. You've provided quite a few detailed and thorough responses yourself, so I was happy to have an opportunity to reciprocate.

Also, I didn't actually think you would make a PP version of the Web Hackers Handbook ;) I was just using that as a comparison along the lines of, "If that amount of information goes for $50, what are you going to do to justify the extra customer costs that would make your efforts worthwhile."
The day you stop learning is the day you start becoming obsolete.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software