November 9, 2009
Posted by on
After almost a year I’ve finally managed to take the GWAPT (Web Application Penetration Tester) exam, just in time to head to SANS London and the Security Essentials class. I have mixed feelings on the exam. Even though I passed with a good mark (96.67%), the 5 that I got wrong were (in my opinion) a little questionable. Still, I’m sure I’ll hit the holy grail (100%) sooner or later It will just take time, and patience.
I can’t finish this post without saying a little something about the OnDemand program. The new OnDemand system is certainly a step in the right direction. As SEC-542 is one of the first on the BETA OnDemand it lacks the additional links that will come with maturity. I think that the OnDemand option of training has become more of an option than previously. The support you get is also great, especially as Kevin is very approachable. If all else fails you can shoot me an email and I’ll see if I can help. Hopefully this will be the class I’ll be Mentoring in Vienna next year (given the chance).
Overall I’d give the class 95/100 –> There’s room for some additional coverage of things like JBoss, Coldfusion and Tomcat. Still you can’t fit everything into 6 days I can’t wait for SEC-642, for some advanced WebApp fu.
GWAPT Certified Professionals –> LISTING
GWAPT Exam Coverage –> Coverage
June 6, 2009
Posted by on
Yes, this isn’t a mistake, and I’ve not been drinking. I received a nice email from the people at EC-Council letting me know that the “EC-Council Courseware certified to have met the CNSS Standards by the United States National Security Agency (NSA) and the Committee on National Security Systems (CNSS)”. The press release goes on to detail the EC-Council courses (including CEH, ECSA and LPT) that have been been certified to meet the training requirements for information security professionals in federal government.
My first reaction was that this must be come kind of scam. I was waiting for the part where they ask me for my credit-card number so I can receive a new certificate and security level. Alas, this was not to be. Those who’ve read my blog or my articles know that my view on EC-Council and in particular their CEH, ECSA/LPT track isn’t a good one. I’ve been through the training and to this date (maybe for not much longer) I’m still certified as a CEH and ECSA. I’ve refused to pay the $500 a year required to be an LPT however, as, well, it’s a farce. Still, back to the point. I’m not sure what changes EC-Council have made since my experiences with version 5 of the CEH course, but from what I’ve heard and read, they’ve only increased the size of the course and done nothing to improve the low quality of the training and material.
I’m not sure what the thinking behind this certification was, however I’d love to hear your opinions. Does this change your view on the quality of CEH candidates ? or has it just lowered your opinion of the technical competence of the NSA. I know where my feelings on the matter lie.
EC-Council Press Release –> HERE
December 10, 2008
Posted by on
Well, sometime while I was in London it seems the new Hakin9 magazine hit the shelves. Somewhere in there is an article I wrote a few months back on security training. I hope it helps people that are looking at the options. Maybe I’ll revisit the topic in another 12 months to look at the OSCP and a few of the more specific SANS courses.
Overall I’m happy with the article, although somewhere between proof reading and print “C|EH” turned into “CIEH” it seems. Still, I hope that everything else is ok. Let me know your thoughts…. constructive criticism is always welcomed.