Learn Web Penetration Testing The Right Way (pentesterlab.com)
151 points by morphics on May 12, 2013 | hide | past | favorite | 24 comments



> Do you accept donations?

> Sure, you can make a donation to louis@pentesterlab.com using PayPal. If you don't like PayPal, just send a donation to any charity and email me so I will feel good about it ;)

I like this state of mind.


Don't say you accept donations over Paypal unless you are a registered non-profit organization. This is one of the most common reasons why accounts get frozen.

(EDIT: I re-checked, and it seems plenty of people receive donations with Paypal without a hitch... until they reach a certain threshold and get locked out.)


You would be surprised at how many people claim to be accepting "donations" but then are really selling things (while carefully avoiding the word "sell" for whatever reason, such as to not have to collect and file sales tax or not claim income): "donate $5 and I'll send you a copy of my software / give you access to my website / send you a free gift", for example. This is the real reason so many accounts get frozen with relation to donations, not quantity.

(That said, you should make it clear to your contributors that their "donation" is not a charitable contribution from a tax perspective, which many people might fail to realize if you use the word "donate"; but, in my direct experience from getting my account temporarily limited, if you get dinged on this one it is easy enough to talk to PayPal, find out what happened, and get everything up again in a couple hours after working out better wording with them.)


Thanks :)


I like it, looks great. But I would like to see your education/certification/experience presented on the website. I would say that is kind of mandatory when saying you teach "The Right Way" of something.


Yes, sorry for that, it may be a bit presumptuous. I tried "The Worst Way"; it didn't work as well ;)

Joke aside, most training/material I saw gives too much information or not enough; I tried to find the right balance to help people understand (giving a lot of information) and remember things (working hard to learn stuff).

Most other training is also pretty expensive: I tried to do a cheap version and ended up providing the exercises for free. A lot of universities don't have the resources to provide good quality/up-to-date training; I hope students will be able to learn from my exercises...

Most other training is backed by a certification: I tried to do something where people just learn stuff because they are interested in it and want to get better, rather than teaching them "just what they need to pass the cert..."

Regarding my background: one engineering degree in IT architecture, one master's in Security (both done in France). A few years of sysadmin work at school and teaching web stuff (mostly PHP, to pay for stuff). 3 years working in France as a security consultant, where I also gave a few trainings and talks. And the same thing for 4 years in Australia. I didn't put that online because I didn't think it was relevant :/

Finally, marketing is hard and I needed something catchy ;)


I see! Well, since you have a really proper background, it doesn't bother me that you used such a phrase.

For all I knew, you were a high school kid who had just read some books and thought he now knew all there is to know. ;)


Great initiative; it would be nice to have some more info on your site about who you (they) are. I think many people aren't going to download and execute data from an unknown person/organisation.


His name is listed in the PDFs, and his Twitter is https://twitter.com/snyff


Thanks. I didn't dig that far ;)


Fair point.

<Kaa singing "Trust in Me"> My real name is on the PDF and you can find a lot of information on me on the Internet... Previous talks, where I worked... As far as I know, the PDFs aren't backdoored (I'm also working on an HTML version); you can open them in Google Docs if you're not sure. For the ISO, I wouldn't waste a bug allowing one to break out of VMware/Virtual Machine/... </Kaa singing "Trust in Me">


Swoon him with beer and Ruby. I recommend it.


Very cool stuff. However, I think you might get more people to use it if everything was web-based (instead of having to download the .iso).


Yes, good point. However, it's a bit harder to maintain a working architecture while giving a shell to everyone on the Internet ;)


Good answer.


For anyone who's after a book: I've found Dafydd Stuttard and Marcus Pinto's "The Web Application Hacker's Handbook" to be invaluable.


Slightly off-topic, but I figure what the hell, I may as well ask. I am two years out of university (comp sci), working as support/development in investment banks (indeed the work is destroying my soul). I've spent quite a bit of time looking into fields I may be interested in, such as security, i.e. why I'm going to try your exercises.

My question is, this area seems quite niche; how does the average person work out if they're suited to this? Furthermore, are there obvious prerequisites to working out whether you will enjoy certain areas? i.e. I do not feel very good at programming, therefore is it strongly unlikely I would enjoy testing / security?

I realise this isn't the right place so feel free to ignore me :)

I can't seem to find the right place :( !


I think you can be suited for anything. IT security is a really big domain; depending on your skills and what you like, you can land different jobs. If you are a person who can calmly deep dive into problems, you may be interested in security code review; if you're more into quickly understanding how things work and trying to abuse the default behaviour, you can work in pentest. IT sec is a huge field. Just start learning and you will see what you like... There is no "suited for this", even if being curious and working hard help a lot ;)

Feel free to email me (my email is on the exercises' front page), if you need to talk about this ;)


Very much appreciate the reply and thank you for the kind offer of e-mail. Hopefully I'll find time to try your course, e-mail you some feedback and perhaps pick your brain :)

Again OT, you said you taught PHP; where and how did you get into this?

Hope this takes off for you mate, best of luck!


Just did that at school, they needed someone to teach and I got lucky and got selected to do it :)

Thanks ;)


Looks interesting. I have a couple new engineers joining our appsec team soon, so I'll give this a shot as part of our training package.

It certainly looks like a step above the "standard" tools of reading documentation and trying lessons learned on things like WebGoat and Gruyere.

There's no substitute for experience and guidance, but this seems like it might be the next best thing. Thanks!


Some corporate clients are asking for pentest results from "a reputable pentest organization". Does anyone on this thread have advice as to how I can satisfy them without breaking my startup's bank?


You can try Bugcrowd; they won't qualify as "a reputable pentest organization" yet, but they will get stuff done, and you can then argue that you had a few hundred hackers attacking your app.

Maybe you can talk to one of these "reputable pentest organizations" and get them to drop the price if they can blog about or use your startup as a showcase for other potential clients. Pentest companies have a hard time advertising their services (it's a "lemon market"), so everyone could win in that deal.


Do you want a serious pentest (i.e. really looking for vulnerabilities), or do you want a pentest that will get you a certification so you can sell to clients?
