Hi Chris, I believe your fellow could find the SEC542 course is useful. Even I have already done pentest for several years, the first 3 days of the materials focuses on beginner and tools manipulation. On day 4 and day 5, it is related to Python programming, exploit framework, etc, particularly training one to have more manual penetration test kungfu. The provided Ubuntu-based VM could allow your mate to practise the tools, carrying out the lab exercises. You could consider it is a good option indeed.
Regards, Anthony Lai, Hong Kong On Mon, Apr 12, 2010 at 10:15 PM, Chris Merkel <[email protected]> wrote: > Looking for feedback on the relative value of the SANS Web App Sec 542. I > have a fairly sharp analyst who is more familiar with the network / > infrastructure side of things and does not have a development background > (aside from CS in college ~6-7 years ago). > > I'd like some feedback from people who have taken the course, who also > don't have strong development chops, and if you were able to apply that > knowledge to successfully perform appsec assessments by way of > black/grey/whitebox testing and/or code review. > > Thanks! > > -- > - Chris Merkel > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Regards, Anthony LAI Founder & Security Researcher Valkyrie-X Security Research Group "Offensive . Creative . Fun"
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
