Options

GWAPT before GPEN?

willhartwillhart Registered Users Posts: 2 ■□□□□□□□□□
Hey guys,

I'm a web application developer and wanted to increase my knowledge in security. I was planning to take the GPEN an GWAPT tests. Should I take the GPEN before the GWAPT? Anyone have any recommendation?

Thanks

Comments

  • Options
    docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    The GWAPT is obviously much more applicable to you. The GPEN covers a much broader (relatively still introductory) area of pentesting. SANS SEC560/GPEN touches upon web app pentesting just slightly.

    SANS also offers development-centric courses, although this is out of my domain:

    https://www.sans.org/curricula/secure-software-development
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • Options
    jplee3jplee3 Member Posts: 51 ■■■□□□□□□□
    willhart wrote: »
    Hey guys,

    I'm a web application developer and wanted to increase my knowledge in security. I was planning to take the GPEN an GWAPT tests. Should I take the GPEN before the GWAPT? Anyone have any recommendation?

    Thanks

    It depends on if you want to increase in security knowledge within your current arena (webapps) or if you want a overall end-to-end view of pentesting. You can think of the GWAPT as sort of a 'subset' of GPEN. GPEN will not go into details of web-specific pen testing and will only touch upon it as docrice points out. Both are good but it just depends on what is more important/urgent to you at the time.
Sign In or Register to comment.