Web Application Penetration Testing Course

garbo77 Member Posts: 11
Hi Everyone and nice to meet you.
I have passed the CEH, CHFI and now I am preparing the OSCP Exam.
I am looking for a very good practical training fully dedicated to the Web App Pentest.
Does anyone have any suggestion?
Many thanks
Regards
G.

Comments

  • ansionnachcliste Member Posts: 71
  • garbo77 Member Posts: 11
    I was actually looking at it but since I never heard about eLearnSecurity I would like also to have some review if possible :)
    BTW thanks for the input
  • ansionnachcliste Member Posts: 71
    No problem.

    eLearnSecurity gets great reviews on here for its penetration testing courses, so I would have confidence in this one.

    I'll be enrolling for some of the courses next month.

    Keep us updated on which course you find and choose.
  • TechGuru80 Member Posts: 1,539
    You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.
  • garbo77 Member Posts: 11
    TechGuru80 wrote: »
    You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.

    Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
    Thanks
    G.
  • supasecuritybro Member Posts: 206
    From what I understand, OSCP does not go too deep into Web App Testing.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan: AWS-SAA, OSCP, CISM
    Book/CBT/Study Material: Max Power
  • TechGuru80 Member Posts: 1,539
    garbo77 wrote: »
    Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
    Thanks
    G.
    ECPPT sounds like it does, or you can just jump into OSCP.
  • LonerVamp Member Posts: 518
    While it doesn't get too deep into web pen testing, there is plenty of it. I'd even go so far as to say about 35-50% of the things you do are based in the web side of things. That said, you shouldn't find anything crazy weird. The material you get as part of the course will teach you the basics of what you need to know. Honestly, you should know a bit about Windows, Linux, Kali Linux, systems administration, LAN networking...but actually performing a successful web attack or returning a shell? The course will walk you through getting your first one in those categories.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • ottucsak Member Posts: 146
    As far as I remember on the OSCP labs you mostly need to exploit existing web based vulnerabilities that already have documented exploits. If you want web specific, you might want to wait for AWAE/OSWE.
  • airzero Member Posts: 126
    LonerVamp is right, you do practice different web vulnerabilities but it's never too over the top. I would suggest going for OSCP and if you really want to learn more about web apps afterwards then try the eLearnSecurity WAPT course. That is the path I've taken and it's worked out well. The eLearnSecurity course is great but you will learn more stuff about overall pen testing from OSCP so I always recommend that first.

    Let me know if you have any specific questions on the eLearnSecurity courses, I've done/in progress PTS, PTP, WAPT, DFP, PTX.
  • garbo77 Member Posts: 11
    First of all I want to thank all of you for the answers.
    I have already had the OSCP training, I am preparing for the exam.
    In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are well explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
    I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
    Can the WAPT really add value?

    Thanks Again
    G.
  • airzero Member Posts: 126
    garbo77 wrote: »
    First of all I want to thank all of you for the answers.
    I have already had the OSCP training, I am preparing for the exam.
    In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are well explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
    I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
    Can the WAPT really add value?

    Thanks Again
    G.

    I wouldn't say that the eWPT certification will be of much value in its current status. But the knowledge you learn is definitely valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.
  • garbo77 Member Posts: 11
    airzero wrote: »
    I wouldn't say that the eWPT certification will be of much value in its current status. But the knowledge you learn is definitely valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.

    I don't think there are any courses that give us expertise in any domain, neither eWPT nor SANS. I am looking for a valuable training, something more than what has been covered by OSCP, a very good base.