Online Web Application Hacking Cert/Course?

naftalir Member Posts: 38
Hey everybody,
I was wondering if there is a great online hacking course like the OSCP, except it's for web application security/pen-testing. If there is no cert at the end, it's still OK.

THANKS!!

Comments

  • Iristheangel Mod Posts: 4,133
    There you go: Ethical Hacking Syllabus and Curriculum | The Hacker Academy

    But there are also free security sites online too. I don't have the links here but I'll pull them up at work
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • kurosaki00 Member Posts: 973
    Wow, that's a pretty good link, thanks!
    meh
  • rogue2shadow Member Posts: 1,501
    Elearnsecurity offers a great online hacking course (network, systems and web) ($399 - $700+). They're primarily known for their web application section of training:
    eLearnSecurity

    Another alternative is buying this book off of Amazon:
    The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws: Dafydd Stuttard, Marcus Pinto: 9781118026472: Amazon.com: Books ($30)

    and doing labs here: MDSec - On-Demand Training Labs ($7 an hour; "token" system)

    Hope this helps!
  • naftalir Member Posts: 38
    Ya, I have been looking into that course and it looks pretty good. Do you know how long it would take me to complete (how long should I get the Hera labs for, and should I get the WAS360 labs?), and do you know if this has more depth in web applications than the OSCP?

    -Thanks!!
  • rogue2shadow Member Posts: 1,501
    It's up to you how fast or slow you run through the material and comprehend it and overall, it'll depend on the amount of free time you actually have (in real life). 30 days is plenty of time to do the WAS360 (Coliseum) and Hera labs if you have a normal work schedule and not too many constraints but I would vie for the 30 hours option and just make sure to keep track of your lab times. They release new labs all the time so to compare plans: 1) With the 30 days option, once those run out you have to pay again to start up the labs 2) With the 30 hours option, if you have any amount of time left (whether it be today, or 10 years from now), you'll be able to access those labs and any future ones without paying again until those hours run out. I would confirm with Armando (founder of eLearnSecurity) on the second instance though.

    When comparing the OSCP labs to eLearnSecurity, I'd say it's apples and oranges. "Depth" is a relative term but from my experience, eLearn sets up their labs based on the specific technique being taught (XSS, CSRF, SQLi etc.) whereas with the OSCP, the "depth" will come from your researching and experimenting to discover and exploit web app vulnerabilities unknown to you on x, y or z "host". eLearn is very formalized and structured whereas the OSCP's exploration concept will test your wits and determination, and oftentimes bring you to your knees. In both cases, you get lab material provided and basic concepts are laid out for you on a platform from which you can jump off of. With eLearn there is a pseudo-help option in case you get stuck on a lab but with OffSec it's all about earning your place and "trying harder".

    Overall, after being in all three labs, you definitely get more breadth of machinery in the OSCP. I would think of it this way: imagine you're tasked with destroying some unknown beast in the Amazon. The eLearnSec course will prepare you to battle the beast by the book (what strategy to use, where on the map to run to for safety, etc.) but the OSCP is your actual descent into the wilderness post your parachute ride in. You'll learn as you go and eventually become king of the jungle....hopefully this makes sense? :)
  • naftalir Member Posts: 38
    Sounds good!
    I think the 30 days is better for me since I have all the time in the world and I will probably be spending it all on the course...
    How long do you think I can finish all the material and the cert and all the labs and the cert (I learn pretty quickly, provided there is a good/decent teacher, and I will probably do 4-6 hours a day, maybe a bit more)?
    Also, are the labs related to the Professional course thing, or do I just apply what I learn in the course over there, or is it that when I purchase the labs I get additional training?
    I'm thinking of doing the Professional + 30 day Hera labs + 30 day WAS360 labs. You think that will be enough?



    Thanks!
  • naftalir Member Posts: 38
    So I just signed up!
  • rogue2shadow Member Posts: 1,501
    Nice! "Good enough" would be relative to how quickly you're comprehending the material :P

    If you've already gone the Pro + 30 + 30 route (Hera and WAS), it'll definitely be interesting. Some of the scenarios in WAS are pretty hilarious and definitely give you a clearer visualization of the attack vector being used to exploit the vulnerable web apps.

    If you didn't get WAS, I'd just use hack.me or download Damn Vulnerable Web App (Damn Vulnerable Web App | Free Security & Utilities software downloads at SourceForge.net) and mess around with it in an isolated VM.

    Good luck and hope to hear about your progress soon!

    *Forgot to mention that there are tons of other free vulnerable distros/apps out there (Metasploitable 1 - 2 (Offensive Security), WebGoat/Paros, De-ICE, and the list goes on and on...)