  1. Junior Member
    Join Date
    Mar 2018
    Posts
    9
    #1

    Web Application Penetration Testing Course

    Hi Everyone and nice to meet you.
    I have passed the CEH and CHFI, and now I am preparing for the OSCP exam.
    I am looking for a very good practical training fully dedicated to web app pentesting.
    Does anyone have any suggestions?
    Many thanks
    Regards
    G.

  3. Member
    Join Date
    Mar 2014
    Location
    Norway
    Posts
    32

    Certifications
    CISSP, SSCP, PCIP, eJPT, Security+, NSE4, ISO 27001 LI, ECIH.
    #2
    Please excuse my lazy posting.

    See below:

    https://www.elearnsecurity.com/cours...ation_testing/

  4. Junior Member
    Join Date
    Mar 2018
    Posts
    9
    #3
    I was actually looking at it, but since I have never heard of eLearnSecurity I would also like to have some reviews if possible.
    BTW, thanks for the input.

  5. Member
    Join Date
    Mar 2014
    Location
    Norway
    Posts
    32

    Certifications
    CISSP, SSCP, PCIP, eJPT, Security+, NSE4, ISO 27001 LI, ECIH.
    #4
    No problem.

    eLearnSecurity gets great reviews on here for its penetration testing courses, so I would have confidence in this one.

    I'll be enrolling for some of the courses next month.

    Keep us updated on which course you find and choose.

  6. Senior Member
    Join Date
    May 2013
    Posts
    1,445

    Certifications
    CISSP, CISA, GWAPT, GSEC
    #5
    You probably would be better served with a network pentest course that touches web apps rather than a full-on web app course...at least in preparation for OSCP, as it is much more network focused.

  7. Junior Member
    Join Date
    Mar 2018
    Posts
    9
    #6
    Originally Posted by TechGuru80:
    You probably would be better served with a network pentest course that touches web apps rather than a full-on web app course...at least in preparation for OSCP, as it is much more network focused.
    Do you have any suggestions for a pentest course that touches web apps in preparation for OSCP?
    Thanks
    G.

  8. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    196

    Certifications
    CISSP, GPEN, GWAPT, eJPT, CySA+
    #7
    From what I understand, OSCP does not go too deep into Web App Testing.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: eCTHP (current)
    Five Year Plan: eCPPT (paused), RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material: eLearnSecurity Threat Hunting Professional / Web App Hacker Handbook

  9. Senior Member
    Join Date
    May 2013
    Posts
    1,445

    Certifications
    CISSP, CISA, GWAPT, GSEC
    #8
    Originally Posted by garbo77:
    Do you have any suggestions for a pentest course that touches web apps in preparation for OSCP?
    Thanks
    G.
    ECPPT sounds like it does, or you can just jump into OSCP.

  10. Senior Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    145

    Certifications
    OSCP, OSWP, CISSP, CCNA Cyber Ops, Sec+
    #9
    While it doesn't get too deep into web pen testing, there is plenty of it. I'd even go so far as to say about 35-50% of the things you do are based in the web side of things. That said, you shouldn't find anything crazy weird. The material you get as part of the course will teach you the basics of what you need to know. Honestly, you should know a bit about Windows, Linux, Kali Linux, systems administration, LAN networking...but actually performing a successful web attack or returning a shell? The course will walk you through getting your first one in those categories.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  11. Member
    Join Date
    Feb 2016
    Posts
    73

    Certifications
    eMAPT, eCPPT v1, CEH, MCP, WCSD, Qualys Certified Specialist
    #10
    As far as I remember, on the OSCP labs you mostly need to exploit existing web-based vulnerabilities that already have documented exploits. If you want web specific, you might want to wait for AWAE/OSWE.

  12. Senior Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    121

    Certifications
    OSCP, OSWP, GPEN, CEHv9, eJPT, A+, Security+, Linux+, CySA+, LPIC-1, CCENT, Linux Essentials
    #11
    LonerVamp is right, you do practice different web vulnerabilities but it's never too over the top. I would suggest going for OSCP and if you really want to learn more about web apps afterwards then try the eLearnSecurity WAPT course. That is the path I've taken and it's worked out well. The eLearnSecurity course is great but you will learn more stuff about overall pen testing from OSCP so I always recommend that first.

    Let me know if you have any specific questions on the eLearnSecurity courses, I've done/in progress PTS, PTP, WAPT, DFP, PTX.

  13. Junior Member
    Join Date
    Mar 2018
    Posts
    9
    #12
    First of all I want to thank all of you for the answers.
    I have already had the OSCP training, I am preparing for the exam.
    In my opinion, looking at the OSCP Labs, there are a lot of web-based vulnerabilities, and even if most of them are well explained in the course, I would like to have more specific training, not just to prepare for the OSCP but also for the future.
    I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
    Can the WAPT really add value?

    Thanks Again
    G.

  14. Senior Member
    Join Date
    Feb 2017
    Location
    Washington
    Posts
    121

    Certifications
    OSCP, OSWP, GPEN, CEHv9, eJPT, A+, Security+, Linux+, CySA+, LPIC-1, CCENT, Linux Essentials
    #13
    Originally Posted by garbo77:
    First of all I want to thank all of you for the answers.
    I have already had the OSCP training, I am preparing for the exam.
    In my opinion, looking at the OSCP Labs, there are a lot of web-based vulnerabilities, and even if most of them are well explained in the course, I would like to have more specific training, not just to prepare for the OSCP but also for the future.
    I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
    Can the WAPT really add value?

    Thanks Again
    G.
    I wouldn't say that the eWPT certification will be of much value in its current status. But the knowledge you learn is definitely valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.

  15. Junior Member
    Join Date
    Mar 2018
    Posts
    9
    #14
    Originally Posted by airzero:
    I wouldn't say that the eWPT certification will be of much value in its current status. But the knowledge you learn is definitely valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.
    I don't think there are any courses that give us expertise in any domain, neither eWPT nor SANS. I am looking for a valuable training, something more than what has been covered by OSCP, a very good base.
