@bumika said:
Thank you for the detailed description and congratulations! How can I imagine a proctored exam in 48 hours? Do they follow my activity through a camera?
It is very similar to OSCP, if you’ve taken that. Basically they watch you through webcam and view your screen, to ensure that you are the one doing the work, and not someone else. It goes on for the whole 48 hours.
I have both Sec+ and CISSP. I would say skip the Sec+ and go for CISSP. CISSP has everything Sec+ has and more. CISSP is a beast in its own right, you have to learn the rules in ISC2’s reality. Think like a high level boss in terms of how to defend everything, including stupid employees who write their password on a notepad and leave it on the subway. Even if you stay as a pen tester for life, CISSP helps you see the big picture so you never have to ask why am I doing this, or who does this affect?
@squirrelpizza said:
I have both Sec+ and CISSP. I would say skip the Sec+ and go for CISSP. CISSP has everything Sec+ has and more. CISSP is a beast in its own right, you have to learn the rules in ISC2’s reality. Think like a high level boss in terms of how to defend everything, including stupid employees who write their password on a notepad and leave it on the subway. Even if you stay as a pen tester for life, CISSP helps you see the big picture so you never have to ask why am I doing this, or who does this affect?
As a fellow OSWE holder I disagree with your assessment that the course doesn’t cover vulnerability discovery enough, I actually found it was quite good.
They give you all the tools needed to find vulnerabilities and the extra miles are really good at making you go through things and create your own methodology for vulnerability discovery.
I also don’t think the course should dive into blackbox testing, it’s meant to be a whitebox testing course.
I do agree that the course could use more extra miles and a tweak to a certain one…
More languages is probably not needed since it covers the more common languages for web development, but more challenges would be nice.
Thanks for this detailed review. I am rather interested in this exam, since it would be a good fit for my day job as a developer. Do you think/know if OSCP is required for this exam?
@dnperfors said:
Thanks for this detailed review. I am rather interested in this exam, since it would be a good fit for my day job as a developer. Do you think/know if OSCP is required for this exam?
You can definitely go directly to OSWE, since there are no prerequisite to this course. I think it would also be good for you, since OSWE is also aimed towards developers.
However, I must note that OSWE is an advanced course, so you must have good knowledge in web exploitation. If you do take and pass OSCP, and then complete the areas I mentioned in the study plan above, then you are good to go.
Thanks, I already planned to look at several boxes, including the ones mentioned in the link. After studying those, I can always decide whether or not I am confident enough to start…
Thank you so much for the detailed review, it’s probably the best one for the OSWE so far.
But I still have some questions, as you mentioned before that you took some courses in web development, and you did not go very deep in each, but after reading the whole review, it gives the implication that you have to be an expert in the mentioned languages, or at least called a developer in that certain language, that you can read and write anything. Is this true?
And can you please recommend any courses (URL’s) that helped you in learning those languages?
@ASD0 said:
Thank you so much for the detailed review, it’s probably the best one for the OSWE so far.
But I still have some questions, as you mentioned before that you took some courses in web development, and you did not go very deep in each, but after reading the whole review, it gives the implication that you have to be an expert in the mentioned languages, or at least called a developer in that certain language, that you can read and write anything. Is this true?
And can you please recommend any courses (URL’s) that helped you in learning those languages?
What I meant is that you wouldn’t have to become and expert in each language, but you have to be able to read it’s code, understand it’s web functionality, and be able to write some code in it, in case you have to modify any of the code. So you should be able to develop things in it, but by no means do you have to become an expert developer in each.
Other than the courses i mentioned above, you can either search YouTube for introductory courses, or you can take an web development course in that language from udemy.