Penetration Testing mailing list archives
RE: Certification in Web application security
From: "Steve Armstrong" <stevearmstrong () logicallysecure com>
Date: Fri, 22 Feb 2008 16:40:23 -0000
Whiehat, I am sure GWAS has not gone, as I only finished the exam 4 hours ago! However, the exam/certification is for the 2 day Web Application Security Workshop SEC-519. The STAR certificate is for course SEC-419, so it is the same subject but less detailed. Level 5xx are more challenging than level 4xx ones. As far as I can see the course still runs (next one: http://www.sans.org/link.php?id=790&mid=1032&portal=ec27e8472abb638477e0 9688196db607). Personally, I don't rate CEH or CISSP for its Web App testing and would not consider a holder as having any proven skills in web app hacking - both are too general and broad to cover in detail all the various parts of web app testing. (I say this with personal experience as I do hold both). If you don't want to do the SANS courses then try some other vendors for country specific courses - I don't know where you live so I cannot give you any examples, but BlackHat so some cool training courses - usually by the likes of Foundstone or Sensepost these are highly rated and respected as they are real hands on rather than powerpoint based courses. HTH Steve A --------- Insert list of certificates and certifications here Insert witty line about Linux and windows here -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of whitehat Sent: 21 February 2008 15:31 To: pen-test () securityfocus com Subject: Certification in Web application security Hi List, I would like to do a Certification in Web Application Security. As I wanted to do GWAS before but it is no more as GWAS now and STAR instead. I'm in confusion now, so which certification you would like to suggest me. Cheers, Whiehat. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Certification in Web application security whitehat (Feb 21)
- Re: Certification in Web application security Jarrod Frates (Feb 22)
- RE: Certification in Web application security Steve Armstrong (Feb 22)
- <Possible follow-ups>
- Re: Certification in Web application security Yousif (Feb 22)