The Ethical Hacker Network - GWAPT - Challenge possible for a noob?

Latest Additions

Who's Online

knwminus

Full Member

Offline

Posts: 100

GWAPT - Challenge possible for a noob?

« on: December 01, 2010, 10:12:06 PM »

Greetings All:

I am a lerker here and occasionally I post (and log in). Today I am posting about GWAPT. I have found several threads here pointing out information about the exam but what I was wondering is if any one here has actually challenged it? I am being tasked with security our web severs and web code and I was thinking about studying for the GWAPT. I already have the web application hackers handbook and I am reviewing the OWASP testing guide. I plan to finish both as soon as possible. I also would like to take the So you want to learn web application hacking course and elearnsecurity before I attempt this (as well as complete C|EH eCPPT and a few others). I was just wondering if 8-9 months would be enough for a total noob to get to this level. Any thoughts?

My background:

I have been somewhat thrown into a infosec position (and I am happy

) I have the certs listed in my signature and I am working on the SSCP as we speak. I would like to work on layer 3-7 security so I'd like GSEC, GCIA, GPEN and GWAPT. My current position is becoming oriented in the direction of those 4 certs but I can't afford them all (even if I did challenge). At best I would be able to do GCIA and GWAPT (which are two I really, really want anyway).


« Last Edit: December 01, 2010, 10:13:58 PM by knwminus »	Logged

A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S

xXxKrisxXx

Hero Member

Offline

Posts: 512

Re: GWAPT - Challenge possible for a noob?

« Reply #1 on: December 02, 2010, 12:41:01 AM »

I think it's do-able from your stand-point. I know you get 120 days in the eLearnSecurity course before you can officially take on the certification attempt, infact they allow you to opt for it after being enrolled in the course for 7 days. This is way more than enough time to go through the entire content. The, "So you want to be a web-app pentester" course from learnsecurityonline looks like it has it's pluses too - very affordable, no certification attempt but looks like it goes very in-depth regarding attack vectors. I would recommend taking one of these courses first before opting for GWAPT but I haven't taken the GWAPT course and don't know how intense it is.

If you have the web application hackers handbook it sounds like you have a great resource already. Public vulnerable web apps out there like damn vulnerable web app and Mutillidae serve to be other great resources - you should have a look at them.


	Logged

eCPPT, GCIH, OSCP, OSWP

knwminus

Full Member

Offline

Posts: 100

Re: GWAPT - Challenge possible for a noob?

« Reply #2 on: December 02, 2010, 05:24:03 PM »

Thanks for the replies and suggestions. I hadn't heard of Mutilldae. I will probably work with DVWA later tonight (and crack my web application hackers handbook). Guess not many folks work with web stuff around here lol


	Logged

A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S

alan

Newbie

Offline

Posts: 48

Re: GWAPT - Challenge possible for a noob?

« Reply #3 on: December 03, 2010, 12:24:48 AM »

I can't help with GWAPT exam experience, but as Kris mentions, that books is a great resource.

you should check out OWASP broken web applications http://code.google.com/p/owaspbwa/ It has the apps you've listed aswell as some old versions of web apps that were vulnerable.