RE: Certification in Web application security

From: Steve Armstrong (stevearmstrong@logicallysecure.com)
Date: Fri Feb 22 2008 - 11:40:23 EST

• Next message: Matheus Michels: "Split Kismet log file"
• Previous message: Jay: "SessionId Prediction - Classic ASP - Tool?"
• In reply to: whitehat: "Certification in Web application security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Whiehat,

I am sure GWAS has not gone, as I only finished the exam 4 hours ago!

However, the exam/certification is for the 2 day Web Application
Security Workshop SEC-519.
The STAR certificate is for course SEC-419, so it is the same subject
but less detailed. Level 5xx are more challenging than level 4xx ones.

As far as I can see the course still runs (next one:
http://www.sans.org/link.php?id=790&mid=1032&portal=ec27e8472abb638477e0
9688196db607).

Personally, I don't rate CEH or CISSP for its Web App testing and would
not consider a holder as having any proven skills in web app hacking -
both are too general and broad to cover in detail all the various parts
of web app testing. (I say this with personal experience as I do hold
both).

If you don't want to do the SANS courses then try some other vendors for
country specific courses - I don't know where you live so I cannot give
you any examples, but BlackHat so some cool training courses - usually
by the likes of Foundstone or Sensepost these are highly rated and
respected as they are real hands on rather than powerpoint based
courses.

HTH

Steve A

---------

Insert list of certificates and certifications here
Insert witty line about Linux and windows here

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of whitehat
Sent: 21 February 2008 15:31
To: pen-test@securityfocus.com
Subject: Certification in Web application security

Hi List,

I would like to do a Certification in Web Application Security.
As I wanted to do GWAS before but it is no more as GWAS now and STAR
instead.
I'm in confusion now, so which certification you would like to suggest
me.

Cheers,

Whiehat.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Matheus Michels: "Split Kismet log file"
• Previous message: Jay: "SessionId Prediction - Classic ASP - Tool?"
• In reply to: whitehat: "Certification in Web application security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:25 EDT