Web App Pen Testing training

<<

waynegs

Newbie

Posts: 2

Joined: Wed Dec 02, 2009 9:26 am

Post Tue Nov 13, 2012 9:19 am

Web App Pen Testing training

Can anyone recommend some web application pen testing training that is not quite as expensive as the SANS classes?

I would love to find some online live or recorded instructor-led classes.

Thanks,

Wayne
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Nov 13, 2012 9:24 am

Re: Web App Pen Testing training

You could take a look at Offensive Security's "Advanced Web Attacks" course. As far as I know it might be available in an online format by the end of the year. I assume it will be in the same price range as their other online courses.
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Tue Nov 13, 2012 9:25 am

Re: Web App Pen Testing training

eLearnSecurity

http://www.elearnsecurity.com/

You'll find many reviews on this site.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Nov 13, 2012 10:33 am

Re: Web App Pen Testing training

ziggy_567 wrote: eLearnSecurity

http://www.elearnsecurity.com/

You'll find many reviews on this site.


I'll second eLearnSecurity.  Great course material, very helpful labs.
GSEC, eCPPT, Sec+
<<

sh4d0wmanPP

Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Tue Nov 13, 2012 10:36 am

Re: Web App Pen Testing training

I'm currently doing eCPPT and it's fun. The main reason was its focus on web pentesting. Furthermore, it is a nice warm-up for the OSCP certification if you want to go that way.

The course content consists of an OS/Application section, WebApp and Network section. For me, most material I knew already; however, I picked up a few new things and have gained a better understanding of the webapp pentesting part (I prefer OS/applications though haha). Did not write the exam report yet but am getting there.

Any questions? Let me know. Also get The Web Application Hacker's Handbook, 2nd edition; it covers a lot of the same info as this course.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Nov 13, 2012 11:30 am

Re: Web App Pen Testing training

waynegs wrote: Can anyone recommend some web application pen testing training that is not quite as expensive as the SANS classes?

I would love to find some online live or recorded instructor-led classes.

Thanks,

Wayne

WAHH2 - http://www.amazon.com/Web-Application-H ... 1118026470
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Nov 13, 2012 11:37 am

Re: Web App Pen Testing training

+1 to WAHH2 and the corresponding MDSec labs.

eLearn has good web app material, and is certainly a good starting place, but it doesn't have the same breadth and depth.
The day you stop learning is the day you start becoming obsolete.
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Nov 13, 2012 1:20 pm

Re: Web App Pen Testing training

I'd agree with the above suggestions.

One of the members here (tturner) recently took the CSTP: Certified Security Testing Professional course and posted a review on his blog:

http://sentinel24.com/blog/7-safe-certi ... Conclusion

I've also seen a course offered by the Samurai Web Testing Framework, although I haven't taken the instructor-led training. However, they do publish the course slides and I worked through them and found them quite useful to build off of:

http://sourceforge.net/projects/samurai ... %20Course/
Last edited by m0wgli on Tue Nov 13, 2012 4:17 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Nov 13, 2012 1:21 pm

Re: Web App Pen Testing training

I'd highly recommend Jeremy Druin's video series and Mutillidae. 79 videos and counting!

http://www.irongeek.com/i.php?page=vide ... mutillidae

Also OWASP has a bunch of great materials as well. Here's a link to the OWASP education project https://www.owasp.org/index.php/Categor ... on_Project  and OWASP has teamed with Security Innovation to make OWASP Team Mentor available which is a nice resource. http://owasp.teammentor.net/teamMentor and then a free hacking lab for OWASP Top 10 at https://www.hacking-lab.com/events/regi ... ventid=245

Don't forget http://www.securitytube.net/tags/web . I also highly recommend WAHHv2. I have not done the MDSEC labs and have heard good things but I was focusing on free resources here.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Nov 13, 2012 1:28 pm

Re: Web App Pen Testing training

m0wgli wrote:
One of the members here (tturner) recently took the CSTP: Certified Security Testing Professional course and posted a review on his blog:

http://sentinel24.com/blog/7-safe-certi ... Conclusion



Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn't win an ethicalhacker.net contest I mean)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Nov 13, 2012 4:32 pm

Re: Web App Pen Testing training

tturner wrote: Thanks for the mention m0wgli. It really was a pretty great course for what it was (2 days really limits how deep you can cover material) but definitely not free (for anyone that didn't win an ethicalhacker.net contest I mean)


@tturner I thought it worth mentioning as it's a well written review. I recently took the CSTA course (in the UK) and was really impressed with the quality of the course materials as well as the instructors (Jerome/Owen).

@waynegs You may be aware of these already but there are lots of vulnerable-by-design webapps available for learning. Using these in conjunction with the WAHH2 you can learn a lot.

The link below has most of the well known ones:

http://blog.taddong.com/2011/10/hacking ... tions.html

Another recent addition not included in the link above, which is worth a look:

https://hack.me/
Last edited by m0wgli on Tue Nov 13, 2012 4:45 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Nov 14, 2012 1:43 am

Re: Web App Pen Testing training

Just to reiterate what's already been said, I've told several people that the elearnsecurity course is the best entry level web security course out there.

It provides such a good foundation.  After taking the course, I started reading the WAHH, and I found the material in the book much easier to understand because of what I learned from the eCPPT.
Sec+, eCPPT
<<

jinwald12

Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Thu Nov 15, 2012 10:36 am

Re: Web App Pen Testing training

For practicing and learning SQL injection I recommend this lab on a LAMP server: https://github.com/Audi-1/sqli-labs and if you get stuck, the developer of these labs has video tutorials on Security Tube.
where did all the fun go?
