Web Application Penetration Testing Course
garbo77
Member Posts: 11 ■□□□□□□□□□
Hi Everyone and nice to meet you.
I have passed the CEH, CHFI and now I am preparing the OSCP Exam.
I am looking for a very good practical training fully dedicated to the Web App Pentest.
Does anyone have any suggestion?
Many thanks
Regard
G.
I have passed the CEH, CHFI and now I am preparing the OSCP Exam.
I am looking for a very good practical training fully dedicated to the Web App Pentest.
Does anyone have any suggestion?
Many thanks
Regard
G.
Comments
-
ansionnachcliste
Member Posts: 71 ■■■□□□□□□□
Please excuse my lazy posting
.
See below:
https://www.elearnsecurity.com/course/web_application_penetration_testing/ -
garbo77
Member Posts: 11 ■□□□□□□□□□
I was actually looking at it but since I never heard about eLearnSecurity I would like also to have some review if possible
BTW thanks for the input -
ansionnachcliste
Member Posts: 71 ■■■□□□□□□□
No problem.
eLearnSecurity gets great reviews on here for it's penetration testing courses, so I would have confidence in this one.
I'll be enrolling for some of the courses next month.
Keep us updated on which course you find and choose. -
TechGuru80
Member Posts: 1,539 ■■■■■■□□□□
You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.
-
garbo77
Member Posts: 11 ■□□□□□□□□□
TechGuru80 wrote: »You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.
Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
Thanks
G. -
supasecuritybro
Member Posts: 206 ■■■■□□□□□□
From what I understand, OSCP does not go too deep into Web App Testing.Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power -
TechGuru80
Member Posts: 1,539 ■■■■■■□□□□
ECPPT sounds like it does, or you can just jump into OSCP.Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
Thanks
G. -
LonerVamp
Member Posts: 518 ■■■■■■■■□□
While it doesn't get too deep into web pen testing, there is plenty of it. I'd even go so far as to say about 35-50% of the things you do are based in the web side of things. That said, you shouldn't find anything crazy weird. The material you get as part of the course will teach you the basics of what you need to know. Honestly, you should know a bit about windows, linux, kali linux, systems administration, lan networking...but actually performing a successful web attack or returning a shell? The course will walk you through getting your first one in those categories.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
ottucsak
Member Posts: 146 ■■■■□□□□□□
As far as I remember on the OSCP labs you mostly need to exploit existing web based vulnerabilities that already have documented exploits. If you want web specific, you might want to wait for AWAE/OSWE. -
airzero
Member Posts: 126
LonerVamp is right, you do practice different web vulnerabilities but it's never too over the top. I would suggest going for OSCP and if you really want to learn more about web apps afterwards then try the eLearnSecurity WAPT course. That is the path I've taken and it's worked out well. The eLearnSecurity course is great but you will learn more stuff about overall pen testing from OSCP so I alwasy recommend that first.
Let me know if you have any specific questions on the eLearnSecurity courses, I've done/in progress PTS, PTP, WAPT, DFP, PTX. -
garbo77
Member Posts: 11 ■□□□□□□□□□
First of all I want to thank all of you for the answers.
I have already had the OSCP training, I am preparing for the exam.
In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are good explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
Can the WAPT add really a value?
Thanks Again
G. -
airzero
Member Posts: 126
First of all I want to thank all of you for the answers.
I have already had the OSCP training, I am preparing for the exam.
In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are good explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
Can the WAPT add really a value?
Thanks Again
G.
I wouldn't say that the eWPT certification will be of much value in it's current status. But the knowledge you learn is definitley valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics. -
garbo77
Member Posts: 11 ■□□□□□□□□□
I wouldn't say that the eWPT certification will be of much value in it's current status. But the knowledge you learn is definitley valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.
I don't think there is any courses give us the expertise in any domain, neither eWPT or SANS. I am looking for a valuable training, something more than what has been covered by OSCP, a very good base.
