Conversation

Any advanced offensive web application security trainings you would recommend? The obvious one would be OSWE, but I don't like the exam conditions of Offensive Security.

@kpwn Anything that Secure State is doing. Also, I have heard really good things about the Portswigger online stuff, though I haven't tried the paid courses.

@kpwn Portswigger's Web Security Academy is free and a great combination of labs and training material. Labs range from basic to advanced.

PentesterLab (paid but inexpensive) is great, particularly for code review, though it is less guided than WSA or other resources.

I really enjoyed the OSWE, but the material and labs don't hold your hand so be prepared to have to learn and practice outside of it. For me, the exam was technically straightforward but mentally exhausting.

The lectures from Stanford's CS-253 class from 2021 are available online for free - https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cHsXN_kvJOOhu-.

Not training, but the free Natas (overthewire) and Juice Shop (OWASP) labs are great for learning and there are plenty of walkthroughs available.

@fordy8k Thanks for your detailed answer. I have already worked through most of the Web Security Academy and agree that it is a great resource. I'll take a look at the others ❤️

@kpwn I have no first-hand experience, but this must be pretty nice (Steven Seeley does it) for advanced topics: https://srcincite.io/training/