eLearnSecurity - Web Application Penetration Testing Course

the_Grinch

So I was inspired by N2IT's thread about choosing your specialization and brought the course. It actually helps that they sent me a code for 40% off of the course since I would be a returning student. I start graduate school in about two months so I'd like to have it completed by then. Going to put forth the same effort I did for my CISSP and know that if I do I will have no issues obtaining this cert. I'll post here and on my blog about the progress I make.

cyberguypr

Tagging as I also got the course. I'll be starting it in 20-25 days as I should be done with the MSISA then.

JoJoCal19

Good luck Grinch and CyberGuy. I want in on this so bad, but I'm already committed to other stuff for the rest of the year (finishing GSEC, SEC503/GCIA in August, CISM) so I can't do it.

the_Grinch

Excellent! Nice to have someone else to bounce things off of as I go through the course.

snowchick7669

Just received my 40% coupon as well. Super tempted! (I'm actually sitting on the eLearnSecurity checkout page at the moment) Now I just need to work out how to create more hours in the day to do everything I want to do...

wd40

I will try to finish my eJPT within a month, so that I can start eWAPT with you guys.

the_Grinch

Can't beat that 40%

unkn0wnsh3ll

ummm, I did received one today and can be used untill 10-Jul-2015. Out of curiosity checked the webinar on release of this new course...Looks interesting and also read Hayabusa's review on ethicalhacker.net, sounds, interesting. But not sure as I'm planning to do OSCP and this shouldn't go waste on buying and leaving aside for sometime.....
Any idea if we buy now and how long is it valid for ? I will try pinging Elearnsecurity guys......If anyone has already subscribed please do let me know...
Cheers

cyberguypr

The training does NOT expire. Buy now, use whenever you want. The lab hours count as you use them. If you do the Full version you have 180 days to take the exam. Elite gets to take the exam whenever, with no expiration for the voucher.

the_Grinch

Yeah, $720 for the elite package. I think it's worth it since OSCP doesn't cover web applications so it is definitely a nice compliment.

the_Grinch

Went through the first module which consisted of all slides (no videos). It covered what a penetration test consists of, methodologies, and what deliverables would be expect. This section was very well thought out and explained. They point out that the report is an evolving document and is something you should work on as you go. Also, they discuss speaking to your audience and what would be expected at each level (C-Level, IT, Developer). So far so good, I'll keep posting as I go.

NovaHax

I can attest to the quality. I did it back when it was version 1 and it was good. And I'm sure its only gotten better. Have fun guys.

the_Grinch

Nova how was the Mobile App course?

unkn0wnsh3ll

Hi Nova,

Good to see you got eMAPT (eLearnSecurity). I did registered for the course last year and due to my work pressure and travel, couldn't do it. I do still have the material with me....Just need to check with you how was the final exam in it....? Is it similar like eCPPT to test application or Is it different? Please do let me know, I might attempt after my OSCP.

Cheers

unkn0wnsh3ll

cyberguypr wrote: »

The training does NOT expire. Buy now, use whenever you want. The lab hours count as you use them. If you do the Full version you have 180 days to take the exam. Elite gets to take the exam whenever, with no expiration for the voucher.

Thanks Cyberguypr, Looks like I have already too much in plate ...will think about it;)

NovaHax

The eMAPT course was great. The only shortcoming was that the lab preparation module hasn't been updated from Eclipse to Android Developments Studio. But that's easy enough to adapt to.

As far as the exam...it was interesting. They give you the .apk file to load an app onto your android testing device. Then you have to write a malicious app that will dynamically exploit flaws in the test app. Unlike OSCP or eWPT (or presumably eCPPT...though I haven't taken it), your final deliverable is not a report. Instead, the final deliverable for the exam is the source code and compiled .apk file for your malicious app.

To complete the exam...you have to have a decent grasp of both live testing and reverse engineering of the APK.

Overall, I would definitely recommend the course.

UnixGuy

Good luck!

the_Grinch

Thanks! I reviewed a few items in module 2 and it was pretty interesting. Delving deep into the HTTP codes and how the entire process of a web request works.

unkn0wnsh3ll

NovaHax wrote: »

The eMAPT course was great. The only shortcoming was that the lab preparation module hasn't been updated from Eclipse to Android Developments Studio. But that's easy enough to adapt to.

As far as the exam...it was interesting. They give you the .apk file to load an app onto your android testing device. Then you have to write a malicious app that will dynamically exploit flaws in the test app. Unlike OSCP or eWPT (or presumably eCPPT...though I haven't taken it), your final deliverable is not a report. Instead, the final deliverable for the exam is the source code and compiled .apk file for your malicious app.

To complete the exam...you have to have a decent grasp of both live testing and reverse engineering of the APK.

Overall, I would definitely recommend the course.

Thanks Nova, Now it makes sense, I have to learn on reverse engineering, may be after OSCP probably I will think about it....from your reply, I understand it will be only Andriod based though the course covers both iOS and Andrios.... Am I right? Or its just during the exam they may provide any random choice on two OS ?

NovaHax

Yeah, the course covers both, but the exam is only Android.

unkn0wnsh3ll

HI Nova, Looks like though the course says iOS/Android, main exam is on Android, probably iOS Pentesting from Securitytube will add value to the career. (sorry, dont want to divert the topic)....

the_Grinch

Went through some more of the material tonight and I definitely need to brush up on my HTML and Javascript before proceeding any further.

NovaHax

the_Grinch wrote: »

Went through some more of the material tonight and I definitely need to brush up on my HTML and Javascript before proceeding any further.

Vivek's Javascript for Pentesters course is pretty good.

Javascript for Pentesters « SecurityTube Trainings