Free training resource, requesting feedback re: web app security + pentesting

fheisler Member Posts: 7 ■□□□□□□□□□
Hey all, I'd like to 1) share a free (while we're in beta) hands-on training resource that will hopefully be of immediate use to those of you just starting your journey and 2) get a feel for where you think there's the largest need in terms of infosec training + certification.

I run White Hat Academy, an infosec training group where we've begun developing a platform to provide hands-on, practical infosec training through a Codecademy-like interface. I'll name a couple things that are the initial focus, and would love to hear back if these are of particular interest or if you'd like to see something else:

- web app security: we're building a course around *modern* web apps and the upcoming OWASP 2017 Top 10; nothing currently available covers the topics and technologies that most employers actually use and care about. In addition to courses/labs and challenges, we're planning to offer a new practical certification focused on modern web app security; WAPT is outdated, OSWE is generally outdated + unavailable, and most other options are multiple-choice academic jokes. Given that wider industry recognition is a pre-req for a cert to become valuable (and we've already had a couple dozen employers sign on that this is a good idea), would this cert be of interest? Would you rather just have a monthly subscription to lots of guided practice + "hack this"-style apps?

- junior pen testing (not web-specific): a lot of our students ask for extra guided practice to help them prep for more involved pentesting + typically the very "self-guided" OSCP. We're considering whether another more junior certification would make sense here as well. The eJPT/eCPPT are... okay, but not great. Would another more junior, practical pentesting certification be of use? Would you rather have more guided materials, a large array of more difficult practice challenges, something else as you prep and grow your pentesting chops?

- we're creating lots of "how to"-style written material + mostly focused on hands-on practice labs. I'm not big on learning tech from videos; it's too easy to tune out, and too difficult to keep the material up to date. Any strong feelings about the form the content takes?

And getting back to point 1, offering the current resource available... To check out our prototype, which includes some basic content on hacking tools (Metasploit, etc.) as well as a lot of generally useful IT and scripting practice (bash, user permissions, etc.), you can sign up for free at - if you have any suggestions or run into any issues on the platform itself, please let me know. Thanks for any and all feedback!


  • fheisler Member Posts: 7 ■□□□□□□□□□
    Apologies for posting twice! This one froze on me, so I thought it hadn't gone through before.
  • tedjames Member Posts: 1,179 ■■■■■■■■□□
    This sounds great! I'm in the kind of "junior" mode, still trying a lot of things and hoping to figure out what I want to be when I grow up. I am getting more interested in web app security. Burp Suite is an amazing tool. I'm learning a lot from eJPT and augmenting that with I like written materials as long as they are more than just steps 1-10 without examples. I want to be shown what I can expect to see. I really love Bucky Roberts' (The New Boston) training style. If the video is done right, and if it comes with a well written accompanying training guide, I benefit most from the combination.

    If you need a technical editor who understands security, I have 20+ years of experience as a technical writer/editor.
  • aakashc1 Member Posts: 41 ■■□□□□□□□□
    This is my review of this website so far.

    I signed up today as soon as I read this thread and checked the Pentesting section.

    There are 3 options so far:

    1. Pcap analysis with tshark
    2. Scanning with nmap
    3. Tcpdump basics

    I took the 3rd one, "Tcpdump basics", and I feel very happy after taking this tutorial and learning the real basics of tcpdump. I feel like there will be more about tcpdump, as I have seen a practical tutorial here and enjoyed it very much.
    Please provide more, and I wish your website helps us a lot in the future, as I am preparing for OSCP.
  • jaguaar Member Posts: 58 ■■□□□□□□□□
    Thank you very much for the thread and free training resource. I would like to do a test drive soon.
  • fheisler Member Posts: 7 ■□□□□□□□□□
    Thanks for all the feedback so far! @tedjames, send me a quick PM or email to my name (Fletcher) at the site ( - would love to let you beta test some early material + help provide some editing feedback.