GWAPT passed...

<<

docrice

Newbie

Posts: 31

Joined: Sun Nov 20, 2011 3:19 am

Post Wed Apr 11, 2012 12:22 am

GWAPT passed...

I made it through my fifth GIAC exam today and barely made it over the 90% score line.  I was stressing quite a bit before I sat down in front of the exam terminal and mentally cleared my mind for the inevitable fail.  It was a good exam with some quality analysis questions (and a few really lame ones).

I'm not aspiring to be a pentester and I don't think 542 will help someone go from zero to pro overnight.  It does provide good starting foundations though and there was broad coverage on different subject areas and lots of tools.  I'd guess that doing PWB would be more "fun," but 542 was a good experience nonetheless.  Kevin Johnson brought it all together quite well.

So that said, I have a spare GWAPT practice exam for someone who has never taken a GIAC practice (or real) exam before.  I know SANS courses and GIAC certification attempts aren't cheap, so instead of passing it to someone in the SANS Advisory Board or another forum where I've given away practice tests before, I figure I'd give someone here a shot at it.  So for a little fun, here are the rules:

  • You have never taken a GIAC exam before (I'm relying on your sense of honor here).
  • You must send your request to my email address encrypted with my GPG key.
  • Determine the OS and its version that my website is running on.
  • Determine the RFC1918 address space the server is sitting in.

I'm not inviting a pentest or simulated / real attack, just merely a casual scan and guess-work with your favorite interception proxy (if that's how you roll).  No exploits allowed, thank you very much.  I haven't patched in seven years (...just kidding).  If you can't find the answers, just pat yourself on the back for trying (not as if I could do any better) and email me your encrypted request.
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, WCNA, CCNA, CCNA Security, SFCP, SnortCP, and more useless acronyms.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Wed Apr 11, 2012 12:24 am

Re: GWAPT passed...

Congratulations on the pass.  You say you're not aspiring to be a pentester, so...what is your goal?  Just curious.
BS in IT, CISSP, MS in IS Management (in progress)
<<

docrice

Newbie

Posts: 31

Joined: Sun Nov 20, 2011 3:19 am

Post Wed Apr 11, 2012 12:30 am

Re: GWAPT passed...

I work on the blue team side and my web app mindset was pretty much nonexistent before I took 542.  At work I'm quite often faced with looking at web traffic and configuring various infrastructure devices, so I needed something that would help me get up to speed with how web-based attacks work.  Before the course I had some vague notions of what SOAP was or what a Python script might have looked like.  I have a slightly better idea now, and every little bit helps.
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, WCNA, CCNA, CCNA Security, SFCP, SnortCP, and more useless acronyms.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
<<

millwalll

Post Wed Apr 11, 2012 7:25 am

Re: GWAPT passed...

Congrats :)
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Apr 11, 2012 7:31 am

Re: GWAPT passed...

Congratulations, Kimi! When are you scheduling that GSE written exam? ;)

Have you gone through the Web App Hackers Handbook (2nd)? If so, how did you feel it compared to the course? I'm thinking about challenging this one and would be interested in any recommendations for supplementary material outside of the course.
The day you stop learning is the day you start becoming obsolete.
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Apr 11, 2012 7:58 am

Re: GWAPT passed...

docrice wrote: I work on the blue team side


Why don't you just knock GCED out of the way.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Apr 11, 2012 8:34 am

Re: GWAPT passed...

@docrice -

If you're looking to part with the practice exam, I might be interested.  One of these days, I figured on at least attempting the exam, so I wouldn't mind seeing what's in the practice exam.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Wed Apr 11, 2012 11:59 am

Re: GWAPT passed...

Congrats!

And nice of you giving the practice exam!
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Wed Apr 11, 2012 4:26 pm

Re: GWAPT passed...

Congrats man! You certainly are destroying the GIAC exams. I am curious about your GSE date as well. You seem to have all of the required prereqs.

Also for those of us who would self study, do you have a suggested book list?
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

docrice

Newbie

Posts: 31

Joined: Sun Nov 20, 2011 3:19 am

Post Thu Apr 12, 2012 12:03 am

Re: GWAPT passed...

ajohnson wrote: When are you scheduling that GSE written exam? ;)


Maybe in a few years if I haven't gone insane from all this studying?

ajohnson wrote: Have you gone through the Web App Hackers Handbook (2nd)? If so, how did you feel it compared to the course? I'm thinking about challenging this one and would be interested in any recommendations for supplementary material outside of the course.


I actually just ordered WAHH and it's on my long back-logged to-read list.  I figure I'll need additional reinforcement of the subject matter as well as a different perspective / author's voice.

sil wrote: Why don't you just knock GCED out of the way.


The GAWN and GPEN look more interesting, although I could certainly gain something from taking 501.  The problem is that the latter looks very much like another generalist course, similar to 401 and getting the GSEC.  I've always found the more specialized classes more interesting.

hayabusa wrote: If you're looking to part with the practice exam, I might be interested.


I await your email message, per the rules above.

knwminus wrote: Also for those of us who would self study, do you have a suggested book list?


After going through (I think) seven GIAC courses at this point, my general impression is that while one can certainly self-study the subjects and challenge GIAC exams directly, there are some things that the exams cover for which the information is well-noted in a specific SANS course.

Another way to put it is that since GIAC exams are pretty much based on the corresponding SANS material, you have a tactical home advantage with the SANS books in-hand.  There's some "specialized knowledge" in those books which may not be directly available in the pages at the bookstore, although at the same time it's not proprietary stuff either.  It's just that SANS packages a lot of things together and GIAC's coverage tends to be based on it.

I've never directly challenged GIAC exams without having taken the relevant class first, although with some studying on the wireless side I could probably pass a GAWN attempt.  I very much enjoy the challenge of scoring above 90% (which I've been lucky to accomplish on all my GIAC attempts so far) so taking the course fulfills a gap which I think is more important than attaining the title, although it also helps pad my resume with more somewhat-useless alphabet.  That's a rant I'll save for another day.

We're fortunate enough to live in times where infosec books are aplenty.  Instead of chasing more acronyms, I think I'd gain more right now by reading non-certification books and applying the knowledge into actual practice.
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, OSWP, WCNA, CCNA, CCNA Security, SFCP, SnortCP, and more useless acronyms.

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Apr 12, 2012 7:20 am

Re: GWAPT passed...

LOL...  Somehow, I skimmed right past the rules above.  :)

I don't qualify, based on 'never having taken a GIAC exam.'  Save it for another who needs it, and good of you to offer it up for someone.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 12, 2012 9:14 am

Re: GWAPT passed...

docrice wrote: Maybe in a few years if I haven't gone insane from all this studying?


Lame ;)

docrice wrote:
The GAWN and GPEN look more interesting, although I could certainly gain something from taking 501.  The problem is that the latter looks very much like another generalist course, similar to 401 and getting the GSEC.  I've always found the more specialized classes more interesting.


I've actually seen the majority of the material because I've written some questions for the exam, and GCED is pretty serious. They actually don't even allow it to be challenged because they feel there's too much detailed information in the course material. I asked for an exception because I can't take it for two years after writing questions for it, but no dice...

hayabusa wrote: LOL...  Somehow, I skimmed right past the rules above.  :)


I was thinking about calling you out on that, but I figured it was just OSCE brain-fry :)
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Apr 13, 2012 8:02 am

Re: GWAPT passed...

ajohnson wrote: I was thinking about calling you out on that, but I figured it was just OSCE brain-fry :)


<nod>  Yep, it was.  (That AND the added stress, now, of prepping to move, in 7 weeks, from Ohio to Texas...)  But it's all good!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Xorcist

Newbie

Posts: 2

Joined: Wed Apr 11, 2012 2:13 am

Post Sun Apr 15, 2012 12:32 am

Re: GWAPT passed...

Congrats dude.

I too cleared GWAPT last month and was very happy about it.
I felt I have shelled out a bomb to SANS for SEC542. I now want to take GPEN. Can anyone suggest the right course to take for this certification? Please do not point me to SANS again.
<<

DWH

Newbie

Posts: 1

Joined: Wed Aug 15, 2012 5:12 am

Post Wed Aug 15, 2012 5:15 am

Re: GWAPT passed...

Hi All,
I am willing to go for the GIAC GWAPT exam and I am searching for free practice exams. Can anyone help?
If there are no fee exams, can anyone help with test king or something like that to practice?
Appreciate your response.