Web Application Penetration Testing Course

Hi Everyone and nice to meet you.
I have passed the CEH, CHFI and now I am preparing the OSCP Exam.
I am looking for a very good practical training fully dedicated to the Web App Pentest.
Does anyone have any suggestion?
Many thanks
Regard
G.

Find more posts tagged with

Comments

ansionnachcliste

Please excuse my lazy posting

.

See below:

https://www.elearnsecurity.com/course/web_application_penetration_testing/

garbo77

I was actually looking at it but since I never heard about eLearnSecurity I would like also to have some review if possible

BTW thanks for the input

ansionnachcliste

No problem.

eLearnSecurity gets great reviews on here for it's penetration testing courses, so I would have confidence in this one.

I'll be enrolling for some of the courses next month.

Keep us updated on which course you find and choose.

TechGuru80

You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.

garbo77

TechGuru80 wrote: »

You probably would be better served with a network pentest course that touches web apps rather than a full on web app course...at least in preparation for OSCP as it is much more network focused.

Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
Thanks
G.

supasecuritybro

From what I understand, OSCP does not go too deep into Web App Testing.

TechGuru80

garbo77 wrote: »

Do you have any suggestion for a Pentest course that touches webapps in preparation for OSCP?
Thanks
G.

ECPPT sounds like it does, or you can just jump into OSCP.

LonerVamp

While it doesn't get too deep into web pen testing, there is plenty of it. I'd even go so far as to say about 35-50% of the things you do are based in the web side of things. That said, you shouldn't find anything crazy weird. The material you get as part of the course will teach you the basics of what you need to know. Honestly, you should know a bit about windows, linux, kali linux, systems administration, lan networking...but actually performing a successful web attack or returning a shell? The course will walk you through getting your first one in those categories.

ottucsak

As far as I remember on the OSCP labs you mostly need to exploit existing web based vulnerabilities that already have documented exploits. If you want web specific, you might want to wait for AWAE/OSWE.

airzero

LonerVamp is right, you do practice different web vulnerabilities but it's never too over the top. I would suggest going for OSCP and if you really want to learn more about web apps afterwards then try the eLearnSecurity WAPT course. That is the path I've taken and it's worked out well. The eLearnSecurity course is great but you will learn more stuff about overall pen testing from OSCP so I alwasy recommend that first.

Let me know if you have any specific questions on the eLearnSecurity courses, I've done/in progress PTS, PTP, WAPT, DFP, PTX.

garbo77

First of all I want to thank all of you for the answers.
I have already had the OSCP training, I am preparing for the exam.
In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are good explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
Can the WAPT add really a value?

Thanks Again
G.

airzero

garbo77 wrote: »

First of all I want to thank all of you for the answers.
I have already had the OSCP training, I am preparing for the exam.
In my opinion, looking at the OSCP Labs, there are a lot of web based vulnerabilities and even if most of them are good explained in the course, I would like to have more specific training, not just to prepare the OSCP but also for the future.
I was looking at SANS but they are really expensive; are they really so good compared to the WAPT?
Can the WAPT add really a value?

Thanks Again
G.

I wouldn't say that the eWPT certification will be of much value in it's current status. But the knowledge you learn is definitley valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.

garbo77

airzero wrote: »

I wouldn't say that the eWPT certification will be of much value in it's current status. But the knowledge you learn is definitley valuable and they do a great job of breaking down the concepts and teaching you the underlying concepts. But don't expect to be an expert web app tester as it still covers the basics.

I don't think there is any courses give us the expertise in any domain, neither eWPT or SANS. I am looking for a valuable training, something more than what has been covered by OSCP, a very good base.