Page 214 - Hands-On Bug Hunting for Penetration Testers
Going Further Chapter 13
SANS AppSec Blog
Another SANS property, the AppSec blog with Frank Kim (https://software-security.sans.org/blog),
is a wellspring of practical advice for the dedicated pentester. Kim
does a great series of yearly surveys and other annual projects that make interesting
comparison points for analyzing the evolution of prominent topics in security over the past
several years.
Courses
There are several great courses associated both with common e-learning destinations, such
as Udemy, and prestigious security certifications, such as Offensive Security's Offensive
Security Certified Professional (OSCP). They vary along several lines, including the
required background, length, scope, and price. Taken together, they represent a
kaleidoscope of security training options and philosophies.
Penetration Testing With Kali Linux
OSCP's Penetration Testing with Kali Linux class
(https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/) is the
required coursework for the OSCP certification, and comes with 30 days of access to the
certification exam VPN. OSCP is respected because it enforces a practical lab where, instead
of answering multiple choice questions, the test taker must log on to the OSCP network and
discover several vulnerabilities within their allotted 24-hour testing period. Though you
might want to work your way up to the OSCP exam (and it can be expensive), it's a great
goal if you're interested in pursuing a career in security.
The Infosec Institute Coursework
The Infosec Institute (https://www.infosecinstitute.com/) offers several online courses
and bootcamps aimed at preparing students for certifications, such as Certified Ethical
Hacker (CEH) and Certified Penetration Tester (CPT). Their 10-day bootcamp is intensive,
but also a bit expensive.

