GCIA or GWAPT?

Hey guys,

I'm debating which one I should go for first... I have my GCIH and GPEN. I'm doing QA work with an emphasis on security but more on the 'backend' - the product has lots of moving pieces, including web servers, that I do have to look at. But as far as specifically looking for web vulnerabilities, that's not so much my emphasis. It does interest me though, and there are times where I'll get pulled into something where having advanced skills here would be beneficial. In fact, with new development plans, I foresee more involvement on the web-side anyway.

GCIA seems like a good all-around one to go for just to have the skills added too. And seems more for good foundation - I assume this will help with interpreting tcpdumps and network traffic analysis, something that I could always improve upon as well.

Anyway, I'm just not sure what would make the most sense to do first. I was initially leaning towards GCIA first but the next course isn't till Nov. There's a GWAPT course coming up soon in June.

Find more posts tagged with

Comments

ajd86

Sounds like you could almost flip a coin. You seem to have a good grasp of what each course and exam covers, and you would benefit a good deal from either course. Personally, I would take the June course - if for no other reason, you could be GWAPT certified before you would even begin the GCIA course in November.

jplee3

ajd86 wrote: »

Sounds like you could almost flip a coin. You seem to have a good grasp of what each course and exam covers, and you would benefit a good deal from either course. Personally, I would take the June course - if for no other reason, you could be GWAPT certified before you would even begin the GCIA course in November.

True... it would kinda be the best use of time I suppose if not anything else than keeping me occupied. Since tuition assistance at my company will only cover the cost of one course though, I could also wait till November if I wanted to take my sweet time hahaha.

docrice

The material between the two is quite different, so it's hard to say which one's more applicable without knowing more about your specific job requirements or personal interests.

jplee3

docrice wrote: »

The material between the two is quite different, so it's hard to say which one's more applicable without knowing more about your specific job requirements or personal interests.

No specific requirements for the job - I figure either would be useful. Part of what I do is reviewing firewall rules but on top of that should be closer inspection of traffic across various ports to reveal potential vulnerabilities and issues. I'm assuming SEC503 could help me get further along with respect to that. For the web app stuff, I don't deal with that as much or specifically but holistically it should be within scope of what I review as well.

As far as interests, I could go either way. I think it would be good to get more familiarized with interpreting and analyzing packet captures etc. On that web app side, that stuff has always interested me.

LionelTeo

GWAPT is useful is your would want to break into pentesting industry without worrying about getting into a daily vuln scan + reporting job. Since many of the web applications cannot be fully covered by a vuln scanner and has to be manually verified.

GCIA is best to break into SOC since seeing how much its a common requirement.

jplee3

LionelTeo wrote: »

GWAPT is useful is your would want to break into pentesting industry without worrying about getting into a daily vuln scan + reporting job. Since many of the web applications cannot be fully covered by a vuln scanner and has to be manually verified.

GCIA is best to break into SOC since seeing how much its a common requirement.

Right now I'm doing QA work with an emphasis on security. I suppose the GWAPT could be most relevant here. However, if the goal is putting myself in the shoes of a customer and trying to derive all use (and abuse cases) of the product in whatever context, I would think the GCIA still might be useful. Although, it might make sense to learn how to break the product first... I suppose if the GCIA is 'groundwork' type of material for learning the process in which to maliciously break apps though, it would be beneficial (in your guys' experience, is this the case?)

LionelTeo

GCIA is about wireshark, tcpdump, snort, silk, bro and how to analyse various traffic using them. Did you use them in your daily work?

jplee3

LionelTeo wrote: »

GCIA is about wireshark, tcpdump, snort, silk, bro and how to analyse various traffic using them. Did you use them in your daily work?

tcpdump and wireshark I use frequently when testing stuff. Snort, Silk and Bro not really at all (although, they could potentially be useful). The IDS stuff hasn't really applied thus far to my testing though.