Question about Web Application Penetration Testing - WAPT

si20si20 Member Posts: 543 ■■■■■□□□□□
Hi guys,

I'm curious to know whether anyone can tell me more about the WAPT course that elearnsecurity offer? I did the OSCP in 2014 and honestly - it helped me get a job in a SOC, but did little to nothing for a pentesting job - purely because most pen-testing companies want web-app pentesters.

So that leaves me with two choices: self-study and somehow learn web-app pentesting, or get a course that'll boost me right into what I need to be studying - although there's a cost to it.

So I guess what i'm asking is this: Is the WAPT course worth it? Do you think it's realistic to pass it and become a junior pen-tester? If i'm wasting my time, don't be afraid to say. At this point in my career, pen-testing seems like the only thing that'll be an enjoyable job and if I can't get into that, then I think I need to re-assess my decision to work in IT.


  • Options
    yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Wondering about this myself.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Options
    EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    I can't speak to the course. But if you're looking for something to self-study web app pen testing, you could download Webgoat. It's basically a web-based version of Metasploitable. And they have "lessons" for you to go through. They don't really teach you anything, but they provide goals to accomplish. So as long as you already have a basic understanding of the tools (with an OSCP, you should), you can get some practice in that way.
  • Options
    slinuxuzerslinuxuzer Member Posts: 665 ■■■■□□□□□□
    Don't underestimate the power of leveraging your employer, first, start by coming up with a case for them to send you to instructor lead training - SANs has a top reputation and teaches web application pentesting. Also, take a look at your companies educational reimbursement policy, SANs.edu offers postgraduate certificates in Pentesting, and web app courses, so all that may be required is for you to leverage your company. I personally have had a lot of success over the years attaining training through my employer, its free to ask.
Sign In or Register to comment.