GWAPT before GPEN?

Hey guys,

I'm a web application developer and wanted to increase my knowledge in security. I was planning to take the GPEN an GWAPT tests. Should I take the GPEN before the GWAPT? Anyone have any recommendation?

Thanks

Find more posts tagged with

Comments

docrice

The GWAPT is obviously much more applicable to you. The GPEN covers a much broader (relatively still introductory) area of pentesting. SANS SEC560/GPEN touches upon web app pentesting just slightly.

SANS also offers development-centric courses, although this is out of my domain:

https://www.sans.org/curricula/secure-software-development

jplee3

willhart wrote: »

Hey guys,

I'm a web application developer and wanted to increase my knowledge in security. I was planning to take the GPEN an GWAPT tests. Should I take the GPEN before the GWAPT? Anyone have any recommendation?

Thanks

It depends on if you want to increase in security knowledge within your current arena (webapps) or if you want a overall end-to-end view of pentesting. You can think of the GWAPT as sort of a 'subset' of GPEN. GPEN will not go into details of web-specific pen testing and will only touch upon it as docrice points out. Both are good but it just depends on what is more important/urgent to you at the time.