
SANS Sec542 (GWAPT)

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Thu Jul 28, 2011 11:23 am

SANS Sec542 (GWAPT)

Just took this class at SansFire last week.  How many "wow" and "awesome" words can I come up with to describe the class?  Here's what I gained:

-A more in-depth understanding of exploits I was familiar with (XSS, for example, which now terrifies me more than ever).

-An introduction to new attack vectors (SOAP, AJAX, Web Services)

-Deeper knowledge of tools I already use (learned some neat tricks with Burp Proxy, and other tools)

-Introduced to some new, very nifty tools

-Got to mingle with some fantastic geeky folks

-And of course, real-world exercises including a CTF event on the last day.

And what can I say about the instructor, Kevin Johnson... the guy is a card, but he's sharp, and an incredibly effective instructor (I'll be looking forward to 642 when it's ready).  

I'm making my first trip to DefCon mostly to see his talk on exploiting web services.  If you're a pen tester and going to be at DefCon, be absolutely certain to attend the "Don't Drop the SOAP: Real World Web Service Testing for Web Hackers" talk: https://www.defcon.org/html/defcon-19/d ... html#Eston  Judging by the discussion we had in class, they are going to release some great info on this attack vector, which currently isn't very well documented.

Aside from the 6-day cram turning my brain into mush, I can't think of a single bad thing to say about the class.  If you're involved in web app pen testing, Sec542 is time very well spent!

Next step, GWAPT exam!

If anyone has questions on the class or materials, please don't hesitate to ask!
Last edited by rance on Fri Jul 29, 2011 1:25 am, edited 1 time in total.
Poking at security since 1986.  +++ATH
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jul 28, 2011 12:40 pm

Re: SANS Sec542 (GPEN)

I think you mean GWAPT ;)

And I agree, Kevin is fantastic! I'm lucky that he is relatively local and comes to speak at our local ISSA chapter periodically. SEC542 + a copy of Web Application Hacker's Handbook + a copy of Burp Pro is an amazing foundation for web app pentesting.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Thu Jul 28, 2011 12:50 pm

Re: SANS Sec542 (GWAPT)

Too many acronyms, and my brain is still mush. :)

I'm eagerly awaiting WAHH v2.  I think October is the tentative release date for that...
Poking at security since 1986.  +++ATH
YuckTheFankees

Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Fri Jul 29, 2011 12:51 am

Re: SANS Sec542 (GWAPT)

Great review. I'm probably about 8-12 months away from taking any SANS classes but I can't wait. Everything I hear about them is always positive. I hope to take GPEN, GWAPT, and GCIH.

Did you feel that you could have taken the exam after the class, or would you need a little more time to study?

Thanks
OSCP in progress
rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Jul 29, 2011 1:24 am

Re: SANS Sec542 (GWAPT)

YuckTheFankees wrote: Great review. I'm probably about 8-12 months away from taking any SANS classes but I can't wait. Everything I hear about them is always positive. I hope to take GPEN, GWAPT, and GCIH.

Did you feel that you could have taken the exam after the class, or would you need a little more time to study?

Thanks


To be honest, I haven't even seen a practice exam.  I should probably look into that since I did get the exam bundle with the course, so I will be taking it.  I'll have to get back to you... :)
Poking at security since 1986.  +++ATH
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jul 29, 2011 7:25 am

Re: SANS Sec542 (GWAPT)

Currently GWAPT is one of the easiest GIAC exams. The exams are moving to a format with fewer but harder questions in the next few months. Basically there are a lot of questions that can be answered directly from the courseware. The newer questions will focus more on application of the knowledge in the courseware, so you can't just look up the switch to define a host in Nikto or know what WSDigger is used for. Questions will be more focused on the understanding of material in the courseware and utilizing that understanding in practical application of the knowledge. It's still multiple choice, but will require a bit more thought.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Fri Jul 29, 2011 3:14 pm

Re: SANS Sec542 (GWAPT)

Nice topic.

I will do the course in Ottawa (28 Aug - 2 Sept). Maybe there are other members that are taking it.

Do I need something special for the course?
Maybe Burp Pro?
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Jul 29, 2011 3:29 pm

Re: SANS Sec542 (GWAPT)

alucian wrote: Nice topic.

I will do the course in Ottawa (28 Aug - 2 Sept). Maybe there are other members that are taking it.

Do I need something special for the course?
Maybe Burp Pro?


For what they teach, you don't NEED Pro, but you will work with the free version, which of course means you lose the ability to save and run the scanner.  About the only place I'd see your license being useful is in the CTF exercise, but it's not necessary.

If you want to get familiar with the toolset you'll be using, grab SamuraiWTF.

I'm certain you'll enjoy the class, good luck!
Poking at security since 1986.  +++ATH
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jul 29, 2011 3:39 pm

Re: SANS Sec542 (GWAPT)

I agree with Rance, but Burp Pro is so cheap and it's amazing how badly the free version is throttled. When I switched to Pro and fired up Intruder I was floored. I used it in the CTF and while my group only placed in the middle of the pack it was not due to any slowness of tools (except maybe DirBuster). Just slowness of brains :) (I got SE'd by Kevin, spent hours attacking the wrong target. I shall say no more LOL!)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Fri Jul 29, 2011 4:02 pm

Re: SANS Sec542 (GWAPT)

tturner wrote: Just slowness of brains :)


Same thing happened to me.  I actually had a flag within the first oh 10 minutes or so, but I overlooked it.  Repeatedly.  My brain just wasn't processing information in my favor.  Kevin finally had to smack me upside the head. :)

I forgot about Burp Intruder being throttled and limited to one field.  Still doesn't make Pro necessary for the course, though.

I was working through some of my exercises last night and ALMOST whipped out the CC to purchase my own license.  It'll happen, just need to wait for payday.
Poking at security since 1986.  +++ATH
alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sun Jul 31, 2011 8:15 pm

Re: SANS Sec542 (GWAPT)

Thanks for the information.
If the company will pay for it before the course I will use it.

I am sure that I will enjoy the course.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Sat Nov 05, 2011 12:55 am

Re: SANS Sec542 (GWAPT)

rance wrote: (I'll be looking forward to 642 when it's ready).


According to the list here, looks like it'll be March 2012 :)

http://www.sans.org/security-training/a ... g-1641-mid
Last edited by lorddicranius on Sat Nov 05, 2011 1:26 am, edited 1 time in total.
GSEC, eCPPT, Sec+
tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Mon Nov 07, 2011 9:39 am

Re: SANS Sec542 (GWAPT)

As far as I know 642 did not make the cut for Orlando. If I'm not mistaken, May will be the first appearance but I'm not sure at which event. If you look at the AppSec 2012 event in April it's not listed there and you'd think it would be if it was ready. http://www.sans.org/appsec-2012/
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Tue Nov 08, 2011 3:05 pm

Re: SANS Sec542 (GWAPT)

Hi,

I have a question about the exam: how much are they covering the tools in the exam? I already read all the books, but I didn't make an index.

For me Day 4 (Client side discovery) was the most difficult to digest, and I think that I need to read some extra materials.

At the same time I don't want to spend too much time on this, so I want to pass the exam ASAP, and then to apply the knowledge.

Thanks!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Wed Nov 09, 2011 5:00 pm

Re: SANS Sec542 (GWAPT)

I've been trying to get my books tagged before I jumped into one of my practice exams.  Figured I'd tag first, take a practice test, then adjust as necessary... then hopefully use the second practice exam to make sure I get 100%! :)

Don't know if you have access to the practice exams. I bundled my exam cost with my sec542 class, and the two practice exams showed up in my SANS portal... if you do have them available, you can run through one and see where the focus is.
Poking at security since 1986.  +++ATH