RE: Certification in Web application security



Whiehat,

I am sure GWAS has not gone, as I only finished the exam 4 hours ago!

However, the exam/certification is for the 2 day Web Application
Security Workshop SEC-519.
The STAR certificate is for course SEC-419, so it is the same subject
but less detailed. Level 5xx are more challenging than level 4xx ones.

As far as I can see the course still runs (next one:
http://www.sans.org/link.php?id=790&mid=1032&portal=ec27e8472abb638477e09688196db607).

Personally, I don't rate CEH or CISSP for their Web App testing and would
not consider a holder as having any proven skills in web app hacking -
both are too general and broad to cover in detail all the various parts
of web app testing. (I say this with personal experience as I do hold
both).

If you don't want to do the SANS courses then try some other vendors for
country-specific courses - I don't know where you live so I cannot give
you any examples, but BlackHat do some cool training courses - usually
by the likes of Foundstone or Sensepost; these are highly rated and
respected as they are real hands-on rather than PowerPoint-based
courses.

HTH


Steve A

---------

Insert list of certificates and certifications here
Insert witty line about Linux and windows here


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of whitehat
Sent: 21 February 2008 15:31
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Certification in Web application security

Hi List,


I would like to do a Certification in Web Application Security.
As I wanted to do GWAS before but it is no more as GWAS now and STAR
instead.
I'm confused now, so which certification would you suggest to
me?

Cheers,

Whiehat.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------





