search
top
Currently Browsing: Reviews

Review of SEC545 Cloud Security Architecture and Operations

SEC545: Cloud Security Architecture and Operations

Just recently I went to attend a local SANS Community class in my city. For those that are not aware, SANS Community classes are usually smaller classes with 5-10+ students. It’s a small venue with more of a small class size, but the material would be the same that SANS would teach on vLive, OnDemand, or at a SANS conference.

I can say that the SEC545: Cloud Security Architecture and Operations class is VERY popular. There were many students there that were not hardcore SANS enthusiasts such as myself. Many people were there on the basis that companies are all now starting to move to the cloud. And, many companies are worried about the security implications of moving, and with larger concerns on if the architecture is not setup and configured correctly.

The class was very much AWS focused, which was great for me in terms of learning AWS. However, Read The Full Post

SEC 542 SANS Course Review

SEC 542 SANS Course Review

So I wanted to post a blog post on my experience related to the SEC 542 course. This way I can share my experience out there with others, and hopefully give others insight to see if the course is a right fit for them too.

Now because I took the vLive course, my course was not a 4-6 day course. This course was actually completed over 6+ weeks with 2 class sessions per a week. This was an excellent course, very well designed and presented out to students. There were things I already knew and had experienced. But, there were a lot of tools that were introduced in the course, which I had not used or heard of before. And, these tools definitely help save some time especially when it comes down to recon.

I’ll briefly list some of the things you learn during each week, but for the full list you’ll have to take the course for yourself. Trust me, it’s an awesome course! Read The Full Post

Passing The GWAPT Exam

Passing The GWAPT Exam

So, I finally went for it and attempted the GIAC GWAPT exam and passed it! I’ve been conducting some pen tests prior to taking the SANS SEC 542 course and the GWAPT exam. The course taught me many new things, and gave me a new perspective, and insight when it comes to web application pen testing. This blog post is to share my experience on how to best prepare for taking the GWAPT exam.

Should I take this exam or challenge the GWAPT ?

Many people will ask themselves this very same question. The best answer really depends on what your career goals are for your future. If you plan on being a pen tester, then this is a must at least if you are new or an intermediate to web pen testing. These days the Internet is filled with web applications, and now with more data and applications placed in the cloud. WebApp pen testing is a skill in demand and will be needed to test anything open to the public via the cloud.

Studying

Read The Full Post

Passing the CISA exam

Passing the CISA exam – Certified Information Systems Auditor

So I though it would be interesting to post up a blog post about my experience challenging the the CISA exam last year in 2016.

I had started this blog a bit afterwards, and never really thought about posting my experience. But, many others have always asked about my experience taking the CISA exam ,and if there were any tips I could give them to better their chances of passing the exam.  My hope is this post helps those that end up reading this and gives them a better insight on the adventure of obtaining the ISACA CISA certificate.

Preparing for the CISA exam

(more…)

Why No Padlock?

SSL Scanning Websites

So today, I came across a website that does a quick SSL test on your website.

Anyone with a website should really be running this tool. I actually did find a few minor issues and was able to gather some info about it.

Our Results

Here is what we got for our results:

whynopadlock

whynopadlock

 

It’s looking good for us and especially since we have forced all our internal links to make use of HTTPS

I also wanted to list a bad result as shown below.

(more…)

top