[Owasp-Mumbai] Certification Help

Bishan Singh c70n3r at gmail.com
Thu Jun 18 03:50:03 EDT 2009


Vaibhav - Could you send the SANS India details?

For BackTrack, although it doesn't have training in India, it has good
training videos and access to there test lab for practicing.

GSSP would be great if you want to get skilled on Secure Code Review. It all
depends on where you are and what you wish to achieve. For me better
Application Security testing is whitebox that involves dynamic & static
analysis. If you wish to limit yourself to blackbox security testing at this
time GIAC WAPT should do good.


On Thu, Jun 18, 2009 at 1:01 PM, vaibhav aher <vaibhavaher at gmail.com> wrote:

> Hello Aashish,
> It dosen't matter at all that is SANS has training center in INDIA. You can
> apply for the GIAC WAPT exam online and it will not cost you more than 10-
> 15 K.
>
> Backtrack is a live distro and mainly speak about Vulnerability Assessment,
> Network penetration testing, Wifi Security and Web Application Audit. But
> again there is no training center in India, but a thumb rule " *Use it to
> Learn i**t*". Also you can try google and you can find some papers and
> videos of offensive security cert.
>
> The top companies will always look for GIAC instead of CEH. Also GIAC GSSP
> Java is generally for programmers, so the ball in your court. As mainly you
> are looking for Web application penetration testing.
>
> Thanks
> Vaibhav
>
>
> On Thu, Jun 18, 2009 at 12:45 PM, Bishan Singh <c70n3r at gmail.com> wrote:
>
>> I would bet so. Unless SANS (GIAC is the certification body) starts these
>> trainings in India and that too at affordable prices, we will have to wait.
>>
>> Having said that CISSP continues to hold good value. It is not specific to
>> App security but this probably has the most value in the market.
>>
>> On Thu, Jun 18, 2009 at 12:23 PM, Aashish Bobade <aashishbobade at gmail.com
>> > wrote:
>>
>>> Is this means if we are looking for good market value in INDIA  CEH is
>>> best?
>>>
>>> Best Regards,
>>> *Ashish A Bobade
>>> * http://TechChase.in
>>>
>>>
>>>
>>> On Thu, Jun 18, 2009 at 12:17 PM, Bishan Singh <c70n3r at gmail.com> wrote:
>>>
>>>> For VAPT, they have GPEN. GPEN has good value abroad. And from what I
>>>> hear it is pretty decent.
>>>>
>>>> For Application Security they have this Software Security
>>>> certification series that has secure programming series for Java, .net
>>>> and C. I have heard Java is good. Haven't heard much about others. I
>>>> have personally done GNET which is for .Net Security.
>>>>
>>>>
>>>> On Thu, Jun 18, 2009 at 12:01 PM, <nileshkumar83 at gmail.com> wrote:
>>>> > Hi Bishan,
>>>> >
>>>> >    Does GIAC focus on Web Application Security Testing (VAPT) area or
>>>> VAPT
>>>> > is just a part of it?
>>>> >
>>>> > Regards,
>>>> > Nilesh
>>>> >
>>>> > On Thu, Jun 18, 2009 at 11:52 AM, Bishan Singh <c70n3r at gmail.com>
>>>> wrote:
>>>> >>
>>>> >> I would recommend something from the GIAC. One of the good ones is
>>>> >> http://giac.org/certifications/software/gssp-java.php
>>>> >>
>>>> >> It is a proctored exam. I do not know the cost. Also I think for GIAC
>>>> >> certifications it is good to undergo training unless you are a
>>>> seasoned pro.
>>>> >> Sad thing is this training doesn't happen in India.
>>>> >>
>>>> >> If you are looking for a market value, I do not know how much it
>>>> carries
>>>> >> in India. Recruiters usually look for CEH.
>>>> >>
>>>> >> On Thu, Jun 18, 2009 at 11:08 AM, Aashish Bobade <
>>>> aashishbobade at gmail.com>
>>>> >> wrote:
>>>> >>>
>>>> >>> Hi All,
>>>> >>>
>>>> >>> May be this question already raised ,Can any one help me to find out
>>>> best
>>>> >>> certification for Web Application Security Testing..
>>>> >>>
>>>> >>> Some people suggest to go for CEH and some CISSA.. I am confused
>>>> because
>>>> >>> most of the certification exams have network security related
>>>> syllabus..
>>>> >>>
>>>> >>> Which will be best if I want to focus on Web Application Security
>>>> >>> Testing.
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> Thanks,
>>>> >>> Ashish A Bobade
>>>> >>> http://TechChase.in
>>>> >>>
>>>> >>> _______________________________________________
>>>> >>> OWASP-Mumbai mailing list
>>>> >>> OWASP-Mumbai at lists.owasp.org
>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>>> >>>
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> http://apps3c.blogspot.com
>>>> >>
>>>> >> _______________________________________________
>>>> >> OWASP-Mumbai mailing list
>>>> >> OWASP-Mumbai at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Thanks & Regards,
>>>> > Nilesh Kumar,
>>>> > Security Specialist | SDG Corporation
>>>> > www.sdgc.com
>>>> > www.nileshkumar83.blogspot.com
>>>> > www.linkedin.com/in/nileshkumar83
>>>> > Mobile- +91-9891524880
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> http://apps3c.blogspot.com
>>>>
>>>
>>>
>>
>>
>> --
>> http://apps3c.blogspot.com
>>
>> _______________________________________________
>> OWASP-Mumbai mailing list
>> OWASP-Mumbai at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>
>>
>
>
> --
> Vaibhav Aher
> ISO27001,C|EH
> Security Consultant
> +91 09225325661
>
>
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>
>


-- 
http://apps3c.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mumbai/attachments/20090618/5179667a/attachment.html 


More information about the OWASP-Mumbai mailing list