TechGuru80 Member Posts: 1,539
Alright all you SANS / GIAC experts...I am trying to decide which of the two I should take.

Is it possible to pass the GWAPT without taking GPEN or GCIH beforehand or is it too deep? I want to get into bug bounties and that seems like a logical step.


    636-555-3226 Member Posts: 975
    Half of the last GPEN day is GWAPT stuff, but very very very basic. If you're interested in exploiting all the things, start with GPEN and then dig deeper into the more focused GWAPT as a follow-up.

    If all you want to do is break into websites every day and get the bug bounties, do the GWAPT and then hit up SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques. No cert for that yet, but by the time you get to it you may just get lucky :)

    If you want to break into websites, you also need to recommend how to defend them (assuming you want to make money doing this). In that case I'd also recommend slotting DEV522 Defending Web Applications Security Essentials in there somewhere. SANS has two follow-up defensive programming classes that are OK follow-ups as DEV522 isn't the hardest class in the world....
    paul78 Member Posts: 3,016
    I never did the GPEN but I did do the GWAPT a few years ago. I scored a 97%. To be honest, I wasn't particularly impressed with the material. I actually thought it was mostly just an overview of web app pentesting and pretty basic. And I'm by no means a pen-tester. Ever since taking the GWAPT, I've pretty much avoided GIAC as a training resource for myself.