The Skinny: I couldn’t resist! The course title had me at hello. Who could turn down a class called “How to Hack and Defend Your Web Site in Just Three Hours” (offered by Concise Courses) - especially when said class is extremely affordable? Not this guy, that’s for sure.
Some background: I do a fair amount of external vulnerability scanning for my job. More and more we’re being asked specifically to test Web apps, and I wanted to get some more skills in this area, rather than relying solely on a series of tools to identify vulnerabilities for me.
The Good: Um, like, everything. First of all, the price. I guess I’m hesitant to mention what I paid for the course because #1: it’s worth much more, and #2: maybe they’ll raise the price after zillions of people read this review ;-). Seriously though, if I’d had a crystal ball and known what I would get out of the course ahead of time, I’d easily have paid 2x or 3x the cost.
Secondly, the course came with extremely well-written and helpful class prep information. Upon signing up, I received a plethora of helpful goodies including a course syllabus, and easy-to-understand virtual lab documentation - basically everything I’d need to know to hit the ground running.
Once the course got going, our instructor Alejandro (web, Twitter) gave a brief intro about himself and then dove right into the content. He opened with a nice background on Web servers, applications and vulnerabilities that gave attendees a good foundation before we got to the real hacking. Then, before I knew it, we were off and hacking vulnerable VMs by taking advantage of real-world vulnerabilities such as SQL injection and cross-site scripting. My favorite exercise was one in which we hacked a Redbox-like site (read: NOT the real Redbox :-) by tricking it into letting us buy a DVD for only a few pennies.
After several hands-on exercises we ended with a multi-part hacking contest using the material we just learned. That was just plain jolly good fun, and while I didn’t complete all challenges during the allotted time, it was a great way to reinforce the material.
When the course was over, I contacted Concise Courses and Alejandro with some additional questions/comments, and they were both extremely quick to respond and eager to help. Alejandro pointed me towards this book to continue pursuing my interest in Web hacking, and I’m currently chewing through it whenever I get time.
The Bad: nothing that I can think of except…have you watched the Concise Courses Twitter feed? I want to take all the classes they offer. In addition to the fantastic Web hacking class, they offer a pentesting class I’m interested in (also reasonably priced!) as well as other great freebies such as Hacker Hotshot sessions, which are free Google Hangouts you can attend to brush up on your hacking skills.
The Bottom Line: I can’t recommend the Learn How to Hack and Defend Your Web Site class enough. It’s not only full of extremely high-quality content, but it is offered at a ridiculously fair price compared to similar training I was considering.