How difficult is the GWAPT certification

Viewing 11 reply threads
  • Author
    Posts
    • #4520
      T_Bone
      Participant

      Hi Guys

      Is there anyone out there whom has taken both the GPEN and GWAPT certs? If so which was more difficult please?

      Cheers

    • #28288
      Jhaddix
      Participant

      Hey T_Bone,

      I’ve taken both classes, passed the GPEN, going on for the GWAPT in the next few weeks.

      As far as the content goes Sec542 was harder for me. I never did web development in the past so some of the attacks were new things, for instance attacking/enumerating SOAP web services. i dont see it as much more difficult though.

      Ask apollo, he’s passed both i think… =)

    • #28289
      apollo
      Participant

      The GWAPT test was harder than GPEN test.  Part of it is that web pen testing is about nuance where many of the things on GPEN are more straight forward.  An app is either vulnerable or it’s not, where an XSS or SQL injection can look a number of ways.  We covered Nessus in GPEN, there are 4 or 5 scanners used for GWAPT.  It’s the little things that will get you.  I thought the GWAPT class was harder than the GPEN class too.  I think that part of that is due to the fact that Ed Skoudis is a badass when it comes to course devel.  His courses have a great flow to them, and Ed is an excellent educator.  Kevin’s class, the web app pen testing class, is very good but the information doesn’t have as much of a flow to it.  It is still an excellent class, but the material that has to be covered can’t really have as much of a natural flow to it. 

      This is more forward than I normally am, but take 560 (GPEN) before you take 542 (GWAPT) I think, the GPEN will get you the business knowledge and the GWAPT covers more skills type things.  Once you’re thinking like a pen tester business and skills wise, the GWAPT will go better.  GWAPT was a kick ass class though, and you will learn great stuff.  I haven’t seen any course material out there that covers what GWAPT covers as well as it covers it.

    • #28290
      caissyd
      Participant

      Other than GWAPT, is there any other courses/certs related to web app pentesting?

    • #28291
      KrisTeason
      Participant

      @ h1t m0nk3y – Here’s an affordable course that I know about related to Web App Testing.

      LSO – So You Want To Be A Web App Pentester

      Also check out the 3DCPT From Heorot.net – it looks to be focused on web attacks.

      http://heorot.net/training/

      Cheers

    • #28292
      BigPrince
      Participant

      542 was harder than 560.  I agree with the above that if you can, do both with 560 first.  Great classes.

    • #28293
      Dark_Knight
      Participant

      For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?

    • #28294
      caissyd
      Participant

      Thanks xXxKrisxXx, I appreciate it!

      GPEN and GWAPT are a bit pricy for me at the moment, these are indeed very good alternatives!

    • #28295
      apollo
      Participant

      @Dark_Knight wrote:

      For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?

      Both, I program in c/c++/php/perl/python/ruby/lua predominantly but am not a true developer.  The reason the web stuff is harder course wise is that there is much more subtlety to what you are doing.  Do you need a ‘ or a ” when you are doing a specific injection.  What happens when the script upper cases every command you type for command injection (unix doesn’t like that much).  Those sort of things you don’t have to deal with as much in the network pen testing classes.

      That said, I should say if you have no programming background at all, you may find 542 even more challenging.  There are days in there to teach basic scripting, but you will be slower than your counterparts who have some very basic experience in programing/scripting.  That said, you don’t have to have programming knowledge to take the course, you will do ok without it, but you will have to work harder.

    • #28296
      Dark_Knight
      Participant

      @apollo wrote:

      @Dark_Knight wrote:

      For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?

      Both, I program in c/c++/php/perl/python/ruby/lua predominantly but am not a true developer.  The reason the web stuff is harder course wise is that there is much more subtlety to what you are doing.  Do you need a ‘ or a ” when you are doing a specific injection.  What happens when the script upper cases every command you type for command injection (unix doesn’t like that much).  Those sort of things you don’t have to deal with as much in the network pen testing classes.

      That said, I should say if you have no programming background at all, you may find 542 even more challenging.  There are days in there to teach basic scripting, but you will be slower than your counterparts who have some very basic experience in programing/scripting.  That said, you don’t have to have programming knowledge to take the course, you will do ok without it, but you will have to work harder.

      I follow you. I come from a programming background and am currently doing the GWAPT via SansOndemand. Great stuff so far. Kevin Johnson is hilarious 🙂

    • #28297
      Salmonella
      Participant

      It depends on your background.  As a developer I found the GPEN to be harder.  Network folks will probably find the GWAPT harder. 

    • #28298
      Dengar13
      Participant

      I am attending the SANS Sec542 (GWAPT) class right now and think that this is pretty intense.  I agree with Salmonella, I am a networking guy and find this to be pretty advanced.

Viewing 11 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?