.

How difficult is the GWAPT certification

<<

T_Bone

Full Member
Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Tue Dec 29, 2009 4:17 am

How difficult is the GWAPT certification

Hi Guys

Is there anyone out there whom has taken both the GPEN and GWAPT certs? If so which was more difficult please?

Cheers
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Fri Mar 05, 2010 11:45 pm

Re: How difficult is the GWAPT certification

Hey T_Bone,

I've taken both classes, passed the GPEN, going on for the GWAPT in the next few weeks.

As far as the content goes Sec542 was harder for me. I never did web development in the past so some of the attacks were new things, for instance attacking/enumerating SOAP web services. i dont see it as much more difficult though.

Ask apollo, he's passed both i think... =)
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sat Mar 06, 2010 2:36 am

Re: How difficult is the GWAPT certification

The GWAPT test was harder than GPEN test.  Part of it is that web pen testing is about nuance where many of the things on GPEN are more straight forward.  An app is either vulnerable or it's not, where an XSS or SQL injection can look a number of ways.  We covered Nessus in GPEN, there are 4 or 5 scanners used for GWAPT.  It's the little things that will get you.  I thought the GWAPT class was harder than the GPEN class too.  I think that part of that is due to the fact that Ed Skoudis is a badass when it comes to course devel.  His courses have a great flow to them, and Ed is an excellent educator.  Kevin's class, the web app pen testing class, is very good but the information doesn't have as much of a flow to it.  It is still an excellent class, but the material that has to be covered can't really have as much of a natural flow to it. 

This is more forward than I normally am, but take 560 (GPEN) before you take 542 (GWAPT) I think, the GPEN will get you the business knowledge and the GWAPT covers more skills type things.  Once you're thinking like a pen tester business and skills wise, the GWAPT will go better.  GWAPT was a kick ass class though, and you will learn great stuff.  I haven't seen any course material out there that covers what GWAPT covers as well as it covers it.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Sat Mar 06, 2010 5:59 pm

Re: How difficult is the GWAPT certification

Other than GWAPT, is there any other courses/certs related to web app pentesting?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat Mar 06, 2010 8:02 pm

Re: How difficult is the GWAPT certification

@ h1t m0nk3y - Here's an affordable course that I know about related to Web App Testing.

LSO - So You Want To Be A Web App Pentester

Also check out the 3DCPT From Heorot.net - it looks to be focused on web attacks.

http://heorot.net/training/

Cheers
Last edited by KrisTeason on Sat Mar 06, 2010 8:13 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

BigPrince

Newbie
Newbie

Posts: 5

Joined: Mon Mar 09, 2009 6:10 pm

Post Sat Mar 06, 2010 9:13 pm

Re: How difficult is the GWAPT certification

542 was harder than 560.  I agree with the above that if you can, do both with 560 first.  Great classes.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Mar 06, 2010 10:07 pm

Re: How difficult is the GWAPT certification

For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Sun Mar 07, 2010 7:36 am

Re: How difficult is the GWAPT certification

Thanks xXxKrisxXx, I appreciate it!

GPEN and GWAPT are a bit pricy for me at the moment, these are indeed very good alternatives!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sun Mar 07, 2010 10:31 am

Re: How difficult is the GWAPT certification

Dark_Knight wrote:For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?


Both, I program in c/c++/php/perl/python/ruby/lua predominantly but am not a true developer.  The reason the web stuff is harder course wise is that there is much more subtlety to what you are doing.  Do you need a ' or a " when you are doing a specific injection.  What happens when the script upper cases every command you type for command injection (unix doesn't like that much).  Those sort of things you don't have to deal with as much in the network pen testing classes.

That said, I should say if you have no programming background at all, you may find 542 even more challenging.  There are days in there to teach basic scripting, but you will be slower than your counterparts who have some very basic experience in programing/scripting.  That said, you don't have to have programming knowledge to take the course, you will do ok without it, but you will have to work harder.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sun Mar 07, 2010 3:42 pm

Re: How difficult is the GWAPT certification

apollo wrote:
Dark_Knight wrote:For the guys who say the GWAPT was harder than the GPEN, what is your background? Is it in development/programming or network admin stuff?


Both, I program in c/c++/php/perl/python/ruby/lua predominantly but am not a true developer.  The reason the web stuff is harder course wise is that there is much more subtlety to what you are doing.  Do you need a ' or a " when you are doing a specific injection.  What happens when the script upper cases every command you type for command injection (unix doesn't like that much).  Those sort of things you don't have to deal with as much in the network pen testing classes.

That said, I should say if you have no programming background at all, you may find 542 even more challenging.  There are days in there to teach basic scripting, but you will be slower than your counterparts who have some very basic experience in programing/scripting.  That said, you don't have to have programming knowledge to take the course, you will do ok without it, but you will have to work harder.


I follow you. I come from a programming background and am currently doing the GWAPT via SansOndemand. Great stuff so far. Kevin Johnson is hilarious :)
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

Salmonella

Newbie
Newbie

Posts: 1

Joined: Wed Mar 10, 2010 8:37 am

Post Wed Mar 10, 2010 8:49 am

Re: How difficult is the GWAPT certification

It depends on your background.  As a developer I found the GPEN to be harder.  Network folks will probably find the GWAPT harder. 
GPEN, GWAPT, working on GSSP-JAVA
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Wed Mar 10, 2010 8:45 pm

Re: How difficult is the GWAPT certification

I am attending the SANS Sec542 (GWAPT) class right now and think that this is pretty intense.  I agree with Salmonella, I am a networking guy and find this to be pretty advanced.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Return to GPEN - GIAC Certified Penetration Tester

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software