[Owasp-Mumbai] OWASP-Mumbai Digest, Vol 31, Issue 5

DEEPAK CHOUGULE deepakchougule at gmail.com
Thu Jun 18 20:57:38 EDT 2009


Hi Friends,
New to this mailing list and need to know where to find the study material
for GIAC specifically study material targetted at functional security
testing of applications.

Thanks and Regards,
Deepak Chougule.

On Thu, Jun 18, 2009 at 9:30 PM, <owasp-mumbai-request at lists.owasp.org>wrote:

> Send OWASP-Mumbai mailing list submissions to
>        owasp-mumbai at lists.owasp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.owasp.org/mailman/listinfo/owasp-mumbai
> or, via email, send a message with subject or body 'help' to
>        owasp-mumbai-request at lists.owasp.org
>
> You can reach the person managing the list at
>        owasp-mumbai-owner at lists.owasp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OWASP-Mumbai digest..."
>
> Today's Topics:
>
>   1. Re: Certification Help (Bishan Singh)
>
>
> ---------- Forwarded message ----------
> From: Bishan Singh <c70n3r at gmail.com>
> To: vaibhav aher <vaibhavaher at gmail.com>
> Date: Thu, 18 Jun 2009 13:20:03 +0530
> Subject: Re: [Owasp-Mumbai] Certification Help
> Vaibhav - Could you send the SANS India details?
>
> For BackTrack, although it doesn't have training in India, it has good
> training videos and access to there test lab for practicing.
>
> GSSP would be great if you want to get skilled on Secure Code Review. It
> all depends on where you are and what you wish to achieve. For me better
> Application Security testing is whitebox that involves dynamic & static
> analysis. If you wish to limit yourself to blackbox security testing at this
> time GIAC WAPT should do good.
>
>
> On Thu, Jun 18, 2009 at 1:01 PM, vaibhav aher <vaibhavaher at gmail.com>wrote:
>
>> Hello Aashish,
>> It dosen't matter at all that is SANS has training center in INDIA. You
>> can apply for the GIAC WAPT exam online and it will not cost you more than
>> 10- 15 K.
>>
>> Backtrack is a live distro and mainly speak about Vulnerability
>> Assessment, Network penetration testing, Wifi Security and Web Application
>> Audit. But again there is no training center in India, but a thumb rule "
>> *Use it to Learn i**t*". Also you can try google and you can find some
>> papers and videos of offensive security cert.
>>
>> The top companies will always look for GIAC instead of CEH. Also GIAC GSSP
>> Java is generally for programmers, so the ball in your court. As mainly you
>> are looking for Web application penetration testing.
>>
>> Thanks
>> Vaibhav
>>
>>
>> On Thu, Jun 18, 2009 at 12:45 PM, Bishan Singh <c70n3r at gmail.com> wrote:
>>
>>> I would bet so. Unless SANS (GIAC is the certification body) starts these
>>> trainings in India and that too at affordable prices, we will have to wait.
>>>
>>> Having said that CISSP continues to hold good value. It is not specific
>>> to App security but this probably has the most value in the market.
>>>
>>> On Thu, Jun 18, 2009 at 12:23 PM, Aashish Bobade <
>>> aashishbobade at gmail.com> wrote:
>>>
>>>> Is this means if we are looking for good market value in INDIA  CEH is
>>>> best?
>>>>
>>>> Best Regards,
>>>> *Ashish A Bobade
>>>> * http://TechChase.in
>>>>
>>>>
>>>>
>>>> On Thu, Jun 18, 2009 at 12:17 PM, Bishan Singh <c70n3r at gmail.com>wrote:
>>>>
>>>>> For VAPT, they have GPEN. GPEN has good value abroad. And from what I
>>>>> hear it is pretty decent.
>>>>>
>>>>> For Application Security they have this Software Security
>>>>> certification series that has secure programming series for Java, .net
>>>>> and C. I have heard Java is good. Haven't heard much about others. I
>>>>> have personally done GNET which is for .Net Security.
>>>>>
>>>>>
>>>>> On Thu, Jun 18, 2009 at 12:01 PM, <nileshkumar83 at gmail.com> wrote:
>>>>> > Hi Bishan,
>>>>> >
>>>>> >    Does GIAC focus on Web Application Security Testing (VAPT) area or
>>>>> VAPT
>>>>> > is just a part of it?
>>>>> >
>>>>> > Regards,
>>>>> > Nilesh
>>>>> >
>>>>> > On Thu, Jun 18, 2009 at 11:52 AM, Bishan Singh <c70n3r at gmail.com>
>>>>> wrote:
>>>>> >>
>>>>> >> I would recommend something from the GIAC. One of the good ones is
>>>>> >> http://giac.org/certifications/software/gssp-java.php
>>>>> >>
>>>>> >> It is a proctored exam. I do not know the cost. Also I think for
>>>>> GIAC
>>>>> >> certifications it is good to undergo training unless you are a
>>>>> seasoned pro.
>>>>> >> Sad thing is this training doesn't happen in India.
>>>>> >>
>>>>> >> If you are looking for a market value, I do not know how much it
>>>>> carries
>>>>> >> in India. Recruiters usually look for CEH.
>>>>> >>
>>>>> >> On Thu, Jun 18, 2009 at 11:08 AM, Aashish Bobade <
>>>>> aashishbobade at gmail.com>
>>>>> >> wrote:
>>>>> >>>
>>>>> >>> Hi All,
>>>>> >>>
>>>>> >>> May be this question already raised ,Can any one help me to find
>>>>> out best
>>>>> >>> certification for Web Application Security Testing..
>>>>> >>>
>>>>> >>> Some people suggest to go for CEH and some CISSA.. I am confused
>>>>> because
>>>>> >>> most of the certification exams have network security related
>>>>> syllabus..
>>>>> >>>
>>>>> >>> Which will be best if I want to focus on Web Application Security
>>>>> >>> Testing.
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> Thanks,
>>>>> >>> Ashish A Bobade
>>>>> >>> http://TechChase.in
>>>>> >>>
>>>>> >>> _______________________________________________
>>>>> >>> OWASP-Mumbai mailing list
>>>>> >>> OWASP-Mumbai at lists.owasp.org
>>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>>>> >>>
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> http://apps3c.blogspot.com
>>>>> >>
>>>>> >> _______________________________________________
>>>>> >> OWASP-Mumbai mailing list
>>>>> >> OWASP-Mumbai at lists.owasp.org
>>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>>>> >>
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Thanks & Regards,
>>>>> > Nilesh Kumar,
>>>>> > Security Specialist | SDG Corporation
>>>>> > www.sdgc.com
>>>>> > www.nileshkumar83.blogspot.com
>>>>> > www.linkedin.com/in/nileshkumar83
>>>>> > Mobile- +91-9891524880
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> http://apps3c.blogspot.com
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> http://apps3c.blogspot.com
>>>
>>> _______________________________________________
>>> OWASP-Mumbai mailing list
>>> OWASP-Mumbai at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>>
>>>
>>
>>
>> --
>> Vaibhav Aher
>> ISO27001,C|EH
>> Security Consultant
>> +91 09225325661
>>
>>
>> _______________________________________________
>> OWASP-Mumbai mailing list
>> OWASP-Mumbai at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>>
>>
>
>
> --
> http://apps3c.blogspot.com
>
> _______________________________________________
> OWASP-Mumbai mailing list
> OWASP-Mumbai at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mumbai
>
>


-- 
Thanks and Regards,
Deepak Chougule.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-mumbai/attachments/20090619/b6e04fb9/attachment.html 


More information about the OWASP-Mumbai mailing list