Advanced Web App Penetration Testing Training(SEC642) VS Advanced Web Attacks and Exploitation(AWAE)

What are peoples experience with SEC642 and AWAE. Which is considered the most advanced, the most cutting egde, how is the study material, how well known are the two?

I have taken SANS courses and GIAC certs before - I like there courses, and the Exams are ok. But i enjoy the OSCP hands on exam approach allot more because it felt like i had to use all the knowledge i learned. However the SANS course and teachers where bar none, the best security education experience i have tried - ofcourse it also costs allot more to take a SANS course.

I am also interested in knowing if there are any really solid MOOC / eLearning options in this space on coursera or other elearning* / MOOC platforms that people can recommend.

*I have taken and the WAPT and eWAPT from ELS already

Find more posts tagged with

GIAC

SANS

AWAE

SEC642

Offensive Security

Comments

LonerVamp

I think the key to answering your question may be what you mean by "...most advanced, most cutting edge..." I find it a little weird that people expect their curated, reviewed, and exam-driven courses to teach high-end hacking with the latest techniques. That or I just am not sure what you mean. I'd conjecture that most of the really new stuff you either learn on the job through team-sharing and practice, or you'd become a developer and see the cutting edge tech firsthand...and poke holes into it.

I'd say look at the syllabuses for each course and see which topics you already know or do not know. And then google up reviews on AWAE (dated within the past 6 months) and SEC642 (probably expand to the past 2 years) and see what others say about what they brought to the table as far as experience and what they got out of it.

I have not taken either, but I expect AWAE to be a little more example-driven using vulns the authors found, though those examples might be a few years old.

RHL

Hi, LonerVamp,

I agree that my wording might be a little off here. I do agree that some material is fundamental and sometimes it makes sense to learn eventhough its old. However there are other techniques or technologies that can be outdated and more or less useless to learn at this point in time and that in certain course material is still present. I haven taken about 12 digital security courses and certifications, and i have found that there can be a big difference in how current and usefull the materiale is (Syllabus overview does not always reveal this).

I must admit i have looked at other reviews both here and on other forums. However i was fishing after someone who might have gone through both courses and could compared them.