SEC 542 SANS Course Review

So I wanted to write a blog post on my experience with the SEC 542 course. This way I can share my experience with others, and hopefully give them insight into whether the course is the right fit for them too.

Now, because I took the vLive course, my course was not a 4-6 day course. It was actually completed over 6+ weeks with 2 class sessions per week. This was an excellent course, very well designed and presented to students. There were things I already knew and had experienced, but there were also a lot of tools introduced in the course which I had not used or heard of before. These tools definitely help save time, especially when it comes to recon.

I’ll briefly list some of the things you learn during each week, but for the full list you’ll have to take the course for yourself. Trust me, it’s an awesome course!

Week 1

The first week you spend a lot of time learning recon skills. Before you can find vulnerabilities and use exploits, you need to gather information about the in-scope targets that are part of your web pen test plan. There is a huge number of tools out there, and you will learn about many of them, and how to best make use of each tool to get the best recon information.

Week 2

This week looks more into different authentication methods, as well as tools used for web application testing. If you haven’t already, you may want to brush up on your Burp Suite and ZAP skills. I had lots of experience with Burp Suite already, but ZAP was fairly new to me.

Week 3

Week 3 looks into injecting code into servers/applications and being able to run your own code. SQL injection is also important, and you’ll learn it VERY well during week 3. This is where I really got to see the power of something like sqlmap, and the type of information it can help you obtain and gain access to.

Week 4

Week 4 explores JavaScript and XSS. These are two major and prevalent types of attack methods and entry points. By the end of this week you’ll know the different types of XSS attacks, and get a better taste of using tools like ZAP and Burp Suite to help test for and find these vulnerabilities within applications. I have been using Burp Suite for a few years now, so it was not new to me. However, I had always been critical of ZAP, and this course has now made me a ZAP fan, as I use it as a secondary tool.

Week 5

In week 5 you’ll learn things like Cross-Site Request Forgery (CSRF), Python, WPScan, w3af and many more advanced pen test tools. This is when you really get to play with the much larger toolsets. My favourite part of this week was learning the mentioned tools, some of which I had not used before and now got some exposure to.

Week 6

This week is the most fun out of the course, as you get to put your newly gained knowledge and skills to the test. You’ll work with a team on CTF events and try to compromise servers/applications.

If you want to know more about what you can win if you get the best CTF score (during week 6), check out my post here.

I would recommend everyone check out SANS's official SEC 542 course page, which lists all of the topics in detail.

OnDemand or vLive?

I haven’t taken an OnDemand course yet, but hope to at some point in time. The vLive course was fairly convenient for me, as it allowed me to study after work hours. We had 2 classes per week during the late afternoon/early evening. If your company has a budget to send you off to train in Vegas, I’d push for that opportunity, as there are many advantages that come with it (networking with like-minded individuals) which just aren’t easily gained via vLive online courses. Some companies just don’t have the budget for training offsite, so the vLive option seems to be a cheaper alternative.

Should I take this course?

If you plan to become a pen tester, or are interested in security testing websites, then I definitely would recommend you take this course. It’s a great course for new and intermediate web pen testers. If you prefer a much more advanced course, SANS also offers an advanced pen testing course (SEC 642). However, at the time of my post no certification option exists for it yet, which is why I have personally held off taking it for the time being.

After my course, I also went ahead and challenged the GWAPT exam and passed. If you would like to better prepare for the GWAPT exam, read my post here.


