+ Reply to Thread
Results 1 to 16 of 16
  1. Junior Member
    Join Date
    Jul 2017
    Posts
    8

    Certifications
    CISA, CISSP, CISM, OSCP, OSWP, eWPTX
    #1

    Default eLearningSecurity Advanced Web Application Penetration Tester (eWPTX) Review

    I have recently completed eLearnSecurity’s Web Application Penetration Testing eXtreme course and wanted to share my experiences.

    Before taking this course I completed OSCP before, but I felt that the OSCP really lacks the depth in web application security. This was the reason that I searched for a completly web application security focused course which can be attended online and is cost-efficient (meaning it is not $5000 such as the SANS courses).

    I found the Elearnsecurity’s Web Application Penetration Testing Extreme course fulfills these criteria well (The only con I found about the training that the course material gets updated rarely).

    First, it shows you wide range vulnerability types (XSS, XML, SQL injection, CSRF, HTML5, etc.) with comprehensive materials to understand them, to test for them, and to exploit them with real world examples (meaning you won’t test for alert(’XSS’) and likes).

    What makes the difference between this course and the WAPT (it’s prequel course), that in this course you learn much about evasion techniques (evading regexp filtering, WAF, etc) and more there are more in-depth techniques as well.

    Although the course is quite comprehensive, there is still much you can learn outside of it, you have to research and explore several things, because many times there are directions and reference materials but not complete solutions. This means that you can never use tools out of the box such as running a simple sqlmap scan in the labs. You have modify a lot of things with sqlmap or write a wrapper script to feed it to sqlmap in order to exploit an sql injection. It’s quite different from Offensive Security’s OSCP „Try harder” approach, such as there is a student forum where you can get good and fast help if you need it.

    Of course there are labs and an exam as well. The labs aims to have you practice the techniques which was gathered in the course materials, because of this, they are quite simple. Their main purpose to have you understand how the technique works, but nothing more. It’s different from the OSCP labs where you just have to hack all the servers in the lab environment.

    I found the the exam much more interesting. It simulates a penetration testing assessment, you get the scope, objective, and 7 days of lab time to find ALL vulnerabilites on the site and then another 7 days to write a report. And you really have to find all vulnerabilites, if you forgot to write down the simpliest CSRF attack in your report then you fail. However this works without the intent to make people fail the exam, because there is a free retake, and you get feedback what kind of vulnerabilities you missed during your first time.

    What I really liked in the exam, that you have enough time to research to make your exploits work during the assessment (For example I read some chapters from security related books to understand, why my attacks does not work). Opposite the OSCP exam where time is really tight, because you have only 24 hours to test, this really makes your work easier, and you can improve during the exam as well.

    All in all I recommend this course to those who are interested in web security. After taking the course I understands the techniques taught much better then before. One thing for sure, my next course will be an Elearnsecurity training as well.
    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Jun 2015
    Posts
    30

    Certifications
    Security+ eJPT
    #2
    thanks for the review, I think your review is only the second one I've seen for this particular exam... I recently purchased the bundle from eLEARN for the PTPv4 and the WPT myself.

    I do appreciate the format that eLearn provides as well... I think after I do these two ill take a crack at the OSCP again...
    Reply With Quote Quote  

  4. Junior Member
    Join Date
    Jul 2017
    Posts
    8

    Certifications
    CISA, CISSP, CISM, OSCP, OSWP, eWPTX
    #3
    Yup, I like them too, unfortunately, I can't buy the bundle, only one course per year.
    But I've already chosen my next one: Practical Web Defense to complement the attack methods I learnt.
    After I finished, I'll write a review about it too.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #4
    Excellent review! I've also purchased an eLearnSecurity bundle including the eWPTX. Thought this will go further than the OSCP as well.. Really happy about your positive review !!!

    On my side, what I've been a bit disappointed with was the fact that downloading all the trainings content is cumbersome to say the least. I'd have liked a complete package as an archive per training but well, downloading each file is okay as well although time consuming (do i have every files?? control again, verify, etc..)

    I really didn't had much time yet, some employer certs to finish 1st, but i'll start with the ARES/eCRE training seriously in October.

    Cheers,
    m.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Oct 2016
    Location
    North Carolina
    Posts
    17

    Certifications
    CISSP, GPEN, CEHv7, Sec+, ITILv3
    #5
    Thank you for the review, it was definitely inspiring!
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Jun 2017
    Posts
    9
    #6
    Shock another positive review from a company offering a prize for a review!

    Not like a negative review will win imagine saying and in first place is this review and send a link out to everyone to read saying how poor it was.

    Real shame a company has to scoop so low to get a free bit of advertising.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Jul 2017
    Posts
    8

    Certifications
    CISA, CISSP, CISM, OSCP, OSWP, eWPTX
    #7
    Or maybe, because I really like their courses?
    I've just registered to my 4th one...
    Reply With Quote Quote  

  9. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #8
    Quote Originally Posted by mokaz View Post

    I really didn't had much time yet, some employer certs to finish 1st, but i'll start with the ARES/eCRE training seriously in October.

    Cheers,
    m.
    I'm REALLY interested in their ARES course. I'd love to see a journal thread and review when you go through the course. I've not really found any reviews out there for it.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  10. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    637

    Certifications
    CCNA: R&S, eJPT, JNCIS-SEC, Adtran(IPBG & IN), Dell Sonicwall CSSA, Dell Sonicwall Email Security, CompTIA Security+, CompTia Network+
    #9
    Quote Originally Posted by Privacy View Post
    Shock another positive review from a company offering a prize for a review!

    Not like a negative review will win imagine saying and in first place is this review and send a link out to everyone to read saying how poor it was.

    Real shame a company has to scoop so low to get a free bit of advertising.
    The members of this forum have been fans of ELS long before the contest and there are plenty of positive reviews here. If you don't like what they are doing, don't read the threads that are reviewing them. It is poor taste to come into someones review thread and act that way. Posting in one thread is okay to express your view, but this is the second attempt at it.
    2017 Certification Goals: CISSP [] eCPPT [] OSCP []

    Blog: www.networkingfox.net
    Reply With Quote Quote  

  11. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    157

    Certifications
    CISSP, GPEN, eJPT, CSA+
    #10
    I was wondering if you think you would need to do the WPT before doing the WPXT? I am interested in expanding my knowledge of web stuff and the eCPPT covers a lot already but I wanted to do more. You think just jumping into the eWPXT will be ok?
    Completed: CISSP, GPEN, eJPT, CSA+, M.S. Information Security
    Current Goal: eCPPT
    Five Year Plan:​ RHCSA, CISM, OSCP, GSEC, GCIA, GCIH, GMON, GWAPT, GSE
    Book/CBT/Study Material:​ Web Application Video Course Cybrary
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Apr 2014
    Posts
    160
    #11
    Quote Originally Posted by JoJoCal19 View Post
    I'm REALLY interested in their ARES course. I'd love to see a journal thread and review when you go through the course. I've not really found any reviews out there for it.
    Yeahhh i'll do a thread.. I've read the 1st tree modules PDF's and it's well written, well posed and i like the down to earth approach of the teacher.. But really i've got so much on my table right now that I hardly leave the computers no more, which made me push a little bit further my serious ARES start...
    Reply With Quote Quote  

  13. Member
    Join Date
    Jun 2015
    Posts
    30

    Certifications
    Security+ eJPT
    #12
    For that I think it would be best to ask this on the actual elearn forums in regards to content and what not.
    Reply With Quote Quote  

  14. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    1
    #13
    I will for sure look into the elearnsecurity courses. Have been scoping them for awhile. It would be great to have before I go for my OSCP cert.
    Reply With Quote Quote  

  15. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #14
    I've also been thinking about taking some eLearnSecurity course for a while now. One major concern I have is that I am a full-time employee and their exam design seems to be incompatible to that (most exams seem to be 7 days). Can you tell me if it's realistic to complete the exam within the time frame when you're working full time, or would you need to take a whole week off just for that?
    Reply With Quote Quote  

  16. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Austin, Texas
    Posts
    410

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #15
    Their courses are awesome, only problem I have which could be minor or not is the content updates. For example, SANS update their course and exams 3 times a year vs eLS. I mean you are paying 5x less so you have to weight the pro/con ratio.
    Studying: LFCS
    Reading
    : Python Crash Course
    Upcoming Exam: GWAPT

    https://realworlditsecurity.wordpress.com
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Apr 2016
    Posts
    9
    #16
    Hi, in response to some if the questions in here (yes, I work for eLS):

    The exam gives you 7 days lab access to do the hands-on tasks, plus 7 days to submit the report. It differs slightly depending on what course/ exam you are taking. The details of that are in the exam description on our site. Most of our students attempt the exams "aside" from a job, so no problems with that at all. The 7 days period is designed to make it easy for you "especially" if you are on a job. There is also a chance for a retake in case things go wrong the first time. If you focus on the exam fulltime you can probably be done in less than a day or 2 max

    We do recommend to go for WAPT first before doing the WAPTX, but if after reading the syllabus of both courses one thinks he/she has the skills to go WAPTX directly then thats ok as well.

    Updates: We do every now and then update or add minor things in the course content, thats not always announced or blown up by a big "UPDATED COURSE" post. Bigger version updates come when the course authors feel that much has changed and a major update is in deed necessary. There is no fixed "3-times a year" schedule for that.

    Download of material: Thanks for the comment, we are looking into finding ways to address this better.

    Yes, we are running a review contest where we look for HONEST reviews, not "I love it so much" stuff. We want to find out what and where we can improve, so we do actually look for the things our students feel can be better.

    We do have a forum on our site too, this is a good place for course related questions or even things related to exams...

    There are some reviews out there for ARES too, or the eCRE exam. Google is your friend...
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks