Tuesday, September 20, 2011

MDSec online training labs

Now that the second edition of The Web Application Hacker's Handbook is being shipped, it's time to start talking about the online training labs that accompany the new book. These labs are:

  • Written by the authors of WAHH.

  • Available online and on-demand, for you to use as you work through the book.

  • Very extensive, containing over 300 individual examples demonstrating almost every kind of web application vulnerability.

  • Cheap, costing only $7 per hour to use.

  • Hosted, fashionably, in the cloud, so you get your own server to play on, without worrying about interference from other lab users.

We hope that these labs will make the new edition of the book even more effective as a learning resource, letting you try for yourself any particular vulnerability types or variations that you have not encountered in the wild.

Try out the MDSec labs now!


Anonymous said...

Thanks. It's really handy for us.

Lucian said...

At 7$/hour it can become expensive for someone that wants to try most of them.

Can you add another option like one month full access for xxx$?

Me, and others, I will definitely like this option more.

Sergio T. said...


I totally agree with you.
I am in the same situation. I would definitely buy an access to the labs if there was a full month access, or perhaps full year access.

7$/hour sounds like a bargin, but it fast gets a lot of money. And very often you have to stop doing the training and instead doing some work that you boss wants to be done immediately.

Stuart said...

The labs are great, but I would really like to see a few additions to the service.

1. The ability to pause the session. Rarely did I complete a session without having some sort of interruption, whether it be a program error, or a phone call.

2. Solutions to the labs. Some of them are obviously a lot more difficult than others (reflecting the real world); and while I enjoy a challenge, I don't like spending hours of credits getting nowhere. As such, I've had to give up on a few and move to the next batch otherwise it just works out too expensive. Since the main purpose is to train the user, I think it's only fair that the solutions are also given.