.

GWAPT - Challenge possible for a noob?

<<

knwminus

User avatar

Full Member
Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Wed Dec 01, 2010 11:12 pm

GWAPT - Challenge possible for a noob?

Greetings All:

I am a lerker here and occasionally I post (and log in). Today I am posting about GWAPT. I have found several threads here pointing out information about the exam but what I was wondering is if any one here has actually challenged it? I am being tasked with security our web severs and web code and I was thinking about studying for the GWAPT. I already have the web application hackers handbook and I am reviewing the OWASP testing guide. I plan to finish both as soon as possible. I also would like to take the So you want to learn web application hacking course and elearnsecurity before I attempt this (as well as complete C|EH eCPPT and a few others). I was just wondering if 8-9 months would be enough for a total noob to get to this level. Any thoughts?

My background:

I have been somewhat thrown into a infosec position (and I am happy  :) ) I have the certs listed in my signature and I am working on the SSCP as we speak. I would like to work on layer 3-7 security so I'd like GSEC, GCIA, GPEN and GWAPT.  My current position is becoming oriented in the direction of those 4 certs but I can't afford them all (even if I did challenge). At best I would be able to do GCIA and GWAPT (which are two I really, really want anyway).
Last edited by knwminus on Wed Dec 01, 2010 11:13 pm, edited 1 time in total.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Dec 02, 2010 1:41 am

Re: GWAPT - Challenge possible for a noob?

I think it's do-able from your stand-point. I know you get 120 days in the eLearnSecurity course before you can officially take on the certification attempt, infact they allow you to opt for it after being enrolled in the course for 7 days. This is way more than enough time to go through the entire content. The, "So you want to be a web-app pentester" course from learnsecurityonline looks like it has it's pluses too - very affordable, no certification attempt but looks like it goes very in-depth regarding attack vectors. I would recommend taking one of these courses first before opting for GWAPT but I haven't taken the GWAPT course and don't know how intense it is.

If you have the web application hackers handbook it sounds like you have a great resource already. Public vulnerable web apps out there like damn vulnerable web app and Mutillidae serve to be other great resources - you should have a look at them.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

knwminus

User avatar

Full Member
Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Thu Dec 02, 2010 6:24 pm

Re: GWAPT - Challenge possible for a noob?

Thanks for the replies and suggestions. I hadn't heard of Mutilldae. I will probably work with DVWA later tonight (and crack my web application hackers handbook). Guess not many folks work with web stuff around here lol
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

alan

User avatar

Newbie
Newbie

Posts: 48

Joined: Sat Dec 27, 2008 11:55 pm

Post Fri Dec 03, 2010 1:24 am

Re: GWAPT - Challenge possible for a noob?

I can't help with GWAPT exam experience, but as Kris mentions, that books is a great resource.

you should check out OWASP broken web applications http://code.google.com/p/owaspbwa/ It has the apps you've listed aswell as some old versions of web apps that were vulnerable.

Return to GPEN - GIAC Certified Penetration Tester

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software