In this edition of the Primal Security blog, I will share my experiences during the eLearnSecurity’s Advanced Web Application Penetration Tester course and lab. This was my first eLearnSecurity course, but after this experience it certainly wont be my last! eLearnSecurity is one of the few training companies that understand how to teach technical content – through hands-on labs! It became very clear to me that they don’t just expect to you to read about the content, they expect you to think through and solve complex problems in their lab environment.
The course is broken into 9 different parts, each with different lab challenges, slides, and videos:
1. Encoding and Filtering
2. Evasion Basics
3. Cross-Site Scripting
4. Filter Evasion and WAF Bypassing
5. Cross-Site Request Forgery
7. SQL Injection
8. SQL Injection Filter Evasion and WAF Bypassing
9. XML Attacks
Here is a link to the course syllabus if you’d like to learn more.
Should You Take This Course?:
When interacting with vulnerabilities or teaching the course content, eLearnSecurity put a big focus on the actual code. Understanding vulnerabilities at the application code level is a critical learning curve that anyone interested in doing web application testing needs to eventually jump over. If you want to start to understand web application vulnerabilities beyond the automated scanner output, this course is for you.
“eLearnSecurity teaches you to go beyond the automated scanner“
Something they repeated throughout the course is that the best tool for you to use is your Brain. I found this very refreshing because other courses in the industry tend to be a heavy tool focus, which is important because as a tester you need to know how to leveraged automated tools, but you also need to know how to go beyond the automated tool. Doing web application penetration tests as my day job, I already knew this fact and was very pleased when eLearnSecurity put such a strong focus on manual testing, and using your “Brain” instead of a “point-and-click” scanner.
This course comes packed with loads of different labs. eLearnSecurity allocates lab time is it’s based on your usage. So you don’t pay for a 30 day chunk of labs, you get a certain number of hours. I really like the way the lab time is allocated because when the next big fire happens at work or life you aren’t wasting lab time. You can basically power on a VM and connect via VPN in hour chunks.
They do provide the answers to the challenges, which might be tempting to reference when you’re struggling, but please struggle through it! In the real world you wont have the “/solutions/” section on your web application, so learn how to scratch your head, pull out your hair and figure them out on your own before referencing the solutions.
“They showed the source code!“:
This is such a huge part of learning web application security, understanding the source code and how to interact with it or get around it. I found it useful to solve the lab challenge and recreate the lab scenario on my own system. I think building is a critical part of learning, and the lab environments for the course provide good ground for you to experiment with writing some of your own code.
Self-paced Learning Environment:
I really like this style of learning because I could control the rate at which I took in information. I could jump around course material based on my interest or prior knowledge. This style of teaching does require the student to be more individually motivated because you don’t have an instructor providing you the content in a controlled classroom environment. Some people prefer the time away from the office and home for a week to slam out a course, but I really enjoy the self-driven at my own pace style. The one catch is you’ll want to plan ahead to lock yourself in your basement, turn on some music, and start to hack.
When going through the course they always gave a solid introduction and history of the given vulnerability or topic they were about to cover. In addition, they provided a wealth of additional resources to reference (Conference Talks, Blogs, Articles, etc.).
“Course Makes Excellent Reference Material“
This course has earned a spot on my “book shelf” to leverage as a reference guide when doing assessments. There are always certain blogs, talks, books, etc. I keep close by when I run across different scenarios during a test to reference. A good example is I always tend to read back over Chris Gates talks on pwning Oracle applications when I run across an Oracle app :). Since there was such a strong focus on filter and WAF bypass, this course will be an extremely good resource when I am trying to get my XSS or SQLi to work through some additional layer of defenses.
Comparing eLearnSecurity to other training options available for web application testing you do get a lot for your money. They have three (3) different packages to choose from “$899”, “$999”, “$1299”, each with different options, most notably lab time, which is detailed here.
So for around ~1k you get access to the course materials and lab time, some other trainings in the industry top the 4-5k range. For ~1k I feel this course has a solid Return on Investment (ROI) – Manager term in case you need to get justification to take the training #lol.
Additional Thoughts: Pick a Scripting Language
Learning a scripting language wasn’t in the scope of the course, but I think its a skill required of any advanced or senior level application tester. If you go into this course and don’t know how to script, automate attacks, or build your own scanners I highly suggest you invest some time in learning a scripting language (and it should be Python!).
Reflecting back on my experience I always get so much more out of performing hands on labs vs. just reading about doing the work. Training for technical skills is a lot like training for a sport, sure reading about proper form and techniques are great, but if you don’t get out there and try to lift the weight, hit the ball, or run you aren’t likely to perform on game day.
eLearnSecurity understands this and makes lab challenges a large part of the course content. Combined with a very reasonable cost, this course has a lot of value. I know after taking the course I will find additional vulnerabilities, and bypass more controls when doing web application penetration testing – it has sharpened my swords!