Offensive Security: Advanced Web Attacks and Exploitation New content for 2020 - get 50% more

chrisonechrisone Senior MemberMember Posts: 2,101 ■■■■■■■■■□
Looks like the AWAE course has been updated this year with %50 more content. Same pricing. 

WHAT’S NEW IN AWAE FOR 2020?

New

  • Material
    • XML external entity injection
    • Weak random token generation
    • DOM XSS
    • Server side template injection
    • Command injection via websockets (black box material)
  • Labs: Three new private exercise machines with custom web apps
  • Updated control panel
 

In AWAE, students will learn how to:

  • Perform a deep analysis on decompiled web app source code
  • Identify logical vulnerabilities that many enterprise scanners are unable to detect
  • Combine logical vulnerabilities to create a proof of concept on a web app
  • Exploit vulnerabilities by chaining them into complex attacks
Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
2020 Goals:
Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (Oct-Dec)
Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (Mid-Sept), eLearnSecurity: eCPTXv2 (Dec)

Comments

  • yoba222yoba222 Senior Member Member Posts: 1,179 ■■■■■■■■□□
    "...48 hour exam ... "

    Did it used to be 48 hours?
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    Nice, continuing to tempt me to commit to it. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • charliemikecharliemike OSCP, OSWP, CISSP, GPEN, GCIH, GSEC, PenTest+, CySA+, SEC+, NET+, C|EH Registered Users Posts: 3 ■■□□□□□□□□
    Anyone currently doing this course or did the old one? I'm looking at taking this one in the coming months (possibly next month) and I am trying to decide how to prepare for it. Is 30 days enough for lab time? I heard previously that 30 days was plenty of time for the AWAE and CTP labs. 
  • chrisonechrisone Senior Member Member Posts: 2,101 ■■■■■■■■■□
    If you already have a few years experience of web app pentesting, then I could see 30 days being doable. 

    With the little experience I have with this path, I spent a month studying wetw0rk study guide to prep for the AWAE course. I was only able to touch 25% of the prep work "experience" one should have before attempting AWAE. I had a hard time understanding that little 25% within the month.  I felt I needed a good 3-4 months of this prep work before attempting the AWAE course which I heard is dry and a lot of code review. Without prior experience I would find it hard for anyone to pass this cert within 30 days. 

    Not an authoritative statement, just my little experience and what I have read from other people experience. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (Oct-Dec)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (Mid-Sept), eLearnSecurity: eCPTXv2 (Dec)
  • charliemikecharliemike OSCP, OSWP, CISSP, GPEN, GCIH, GSEC, PenTest+, CySA+, SEC+, NET+, C|EH Registered Users Posts: 3 ■■□□□□□□□□
    edited August 13
    So you recommend 60 days for AWAE or the full 90? How many lab machines are there in the lab? I heard it was maybe like 7 or something. I also heard this course was more white box source code review like you said, less black box break into a computer kind of stuff like we saw with OSCP. 
  • chrisonechrisone Senior Member Member Posts: 2,101 ■■■■■■■■■□
    I would be honest in telling you don't take my advice as truth. I do not know anything about the course or the exam. I was just stating a lot of people look for some sort of preparation before going into AWAE because it is really really hard. If you are experienced in web app pentesting then do the 30 days. Only you can really answer that question.

    If it were me, I would need
    • 3-4 months doing the AWAE prep from wetw0rks. 
    • Possibly another added 2 months doing Burp Suite free online courses and triple-reading "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition."  
    • I would also consider another month of webapp pentesting vms or online pentesting challenges (pentesterlabs, pentester academy active defense labs, other materials I am sure are out there) for hands-on. 
    • Then I would get the 60 day lab minimum or 90 day if I could afford it. 
    It is an expert level course, walking into it without any web app experience would be a very rough challenge. Especially 30 days only. With minimum web app pentesting experience I would recommend you expect to spend 6 months minimum on this journey. 

    In any case, do what you feel is right based on your experience. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (Oct-Dec)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (Mid-Sept), eLearnSecurity: eCPTXv2 (Dec)
Sign In or Register to comment.