Attended SANS SEC 542 Web App Penetration Testing and Ethical Hacking class in Washington DC at the Grand Hyatt from December 12 – 17 2014.
The instructor was Eric Conrad, and the class was fairly decent, and is a good start for anyone wanting to learn web application pentesting. I already had some extensive knowledge of web app testing, but decide to take the course anyways to see what SANS course were like.
Learned a few things, but primarily new most of the course material, most of the new things I learned are tool related. I do not usually use ZAP or W3AF, and since we used them in class I learned a few things about them and their capabilities.
There was a wide variety of people in the class, with about 30 students in the class room and about 15 online students. We had some that had no pentesting abilities, and some with a couple years experience.
The class was a six day course:
- DAY 1 : Attacker’s View, Pentesting and Scoping
- DAY 2 : Recon & Mapping
- DAY 3 : Discovery
- DAY 4 : Discovery Continued
- DAY 5 : Exploitation
- DAY 6 : Capture the Flag
My team completed the CTF first, but Eric Conrad could not decide who yelled out first so he called it a tie with the team sitting just behind us.
The biggest things I learned from the class was actually not taught in the class room, it was talking to the people there who are doing pentesting and works in the security community. Plus the additional talks that were held after classes were well worth staying up late and not going sight seeing around DC.
Now I just need to figure out how to get my boss to allow me to attend another one next year.