SecurityTube: Javascript for Pentesters

docricedocrice Member Posts: 1,706 ■■■■■■■■■■
The course starts on 4/5/14:

http://www.securitytube-training.com/online-courses/javascript-for-pentesters/

Early-bird pricing is pretty cheap so I decided to go for it. Not planning for the exam, but just want to go through the videos and exercises when the course is finally released. I feel this is what would have really complemented my SANS SEC542 experience.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    This seems exciting. If I didn't have other certs and courses on my plate right now, I'd definitely give it a try.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I got a ton on my plate as well, and a month ago I was pretty sure I was going to take a break from any classes or cert prep this year.

    I'm starting SANS FOR408 next week via OnDemand, in the middle of working through an online training course for a vendor appliance, and also have FOR508 scheduled in May at SANS Security West. Then at Black Hat during August I have a couple of two-day classes I'm hitting up. The hell with it - if I'm going to dive in, it might as well be at the deep end.

    If you're not a JavaScript guy (I'm not) but want to understand pieces of scripts when looking at HTML source, this might be worth it during quick breaks, especially at this price point. Whenever I'm looking at HTTP payloads from an IDS alert, it irks me that I can't really understand the scripting portion that well and assess what's going on clearly. That's one thing that held me back when I took SANS SEC542, because if you understand at least the basics of writing JavaScript, you realize the potential scope of attacks against web apps better.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    It seems like you're always going pretty hard, done with on thing and on to the other. Very admirable, I gotta say. I'm also always biting more than I can supposedly chew and if I'm not learning something every day, I feel like I'm wasting precious time :D Some may call it an addiction but I think it is a healthy one compared to many others out there.

    This really seems like a good way to explore web apps and attacks against them. I know languages like C and Python but I am just starting with html and js. This is definitely a skill that makes a difference and I think it will be required even more in the future.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Nice find! I picked it up as I deal with web applications all day at work. Gives me a goal to complete SPSE since this would start till April!
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    I also bought into the course. Waiting for the Zip files now. Should get them shortly.
    Jinverar, TSS
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    docrice wrote: »
    If you're not a JavaScript guy (I'm not) but want to understand pieces of scripts when looking at HTML source, this might be worth it during quick breaks, especially at this price point. Whenever I'm looking at HTTP payloads from an IDS alert, it irks me that I can't really understand the scripting portion that well and assess what's going on clearly.

    For this type of thing I just ran through CodeAcademy's JavaScript course and familiarized myself with most common JavaScript functions; as you know, most of the JS stuff associated with badness will be obfuscated anyway - For that reason I also looked into common JS obfuscation techniques.

    Just another suggestion for those who don't want to open their wallets right now - I'm sure the training is good though.
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Course won't be released till April so you won't receive anything until then.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    YFZblu wrote: »

    Just another suggestion for those who don't want to open their wallets right now - I'm sure the training is good though.

    Thanks, I will look into this.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I find Vivek's videos very friendly for me. Every JavaScript book or video I've gone through always seem to expect a prerequisite out of me, but his preview videos assumed a blank enough slate that his approach works for a brain that's been hit by the dumb-hammer enough times. At this point I'll take all the hand-holding I can get.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Purchased. The syllabus is short...but I haven't been disappointed by Vivek yet.
  • amidamaruamidamaru Member Posts: 29 ■□□□□□□□□□
    Purchased here as well. Now hopping to the best preparing to the worst. :)
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Yeah...has anybody received the course material yet? I think it was supposed to be this month.
  • philz1982philz1982 Member Posts: 978
    I just subscribed sounds fun.
  • ZoovashZoovash Member Posts: 84 ■■□□□□□□□□
    Hello,

    I just started the XSS challenges module and since there's no official forum associated with this course I was wondering if I could throw in a question about a challenge.
    Anyone else started this and is not a beginner like me ? :)

    Thanks!
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    I've got it and do pentesting professionally. Unfortunately, I've got a book deadline and won't be able to get started until next weekend. What's your question though? Maybe I can still help.
  • shajeershajeer Member Posts: 13 ■□□□□□□□□□
    I just enorlled for this security tube javascript for pentesters
  • ZoovashZoovash Member Posts: 84 ■■□□□□□□□□
    Thank you very much Nova!
    I answered myself this morning in the shower :))
    Apparently it was one of those moments when my mind froze and actively refused to think.
    I can't stop laughing at how silly my question was :)
  • chopstickschopsticks Member Posts: 389
    shajeer, similarly, I enrolled too icon_thumright.gif
  • shajeershajeer Member Posts: 13 ■□□□□□□□□□
    chopsticksicon_thumright.gif

    however , i hanvnt received any update from them about the book/files
  • chopstickschopsticks Member Posts: 389
    shajeer, you need to send them an email to notify them that you did not receive their course work yet.
  • shajeershajeer Member Posts: 13 ■□□□□□□□□□
    thanks chopstick..

    received on the email..and downloading now.. icon_wink.gif
  • chopstickschopsticks Member Posts: 389
    shajeer, oh great! I'm watching the videos now, it's very interesting :)
Sign In or Register to comment.