GWAPT - Tips/Advice?
Hello TE,
I took the SEC542 course over the summer. Unfortunately, shortly after completing the course I had lots of crazy family/life type events. I am now finally able to focus again since early last week. I am listening to the seminar and should be done through it tomorrow. Then I will take my time and go over the material again, this time taking notes and creating an index... at a slower, more critical pace. I have the exam scheduled for end of the month as I have a work deadline for it, so that is helping with the discipline. I am officially in study zone.
I do web app testing for a living, granted I have only been doing it for 3+ months now. We do part manual and part Burp Pro. I am getting nervous for the exam, especially since I will not get reimbursed for training until I pass the exam. Someone was telling me the exam is not that difficult, but they have been doing web app testing for years. However, I was thinking since it is just a 5 day class of actual material, and it's open book, would it really be that hard as long as I put in the work to study the provided material and index?
I plan to take a practice exam end of this week and calibrate on weak areas from there. Do you have any other tips/advice/thoughts on the GWAPT? Anyone have an amazing index I could use as a template or good cheat sheets outside of what SANS provides?
Thanks!
Comments
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power
Not sure if your material was the old stuff or new stuff, or where it'd fall into the exam questions. Not trying to get you down, just letting you know what I heard. Post back afterward and give us the truth!
Hopefully someone that took the exam in 2017 could post some feedback here.
One would think that if there was any type of updates for an exam, GIAC would provide that material to those who have taken the course. Although the courses are great, and you certainly learn a lot, SANS/GIAC really needs to up their standards when providing updates for course material. Even if they did have that available, they would be charging for that too.
Sure, if you have a lot of real world experience, then the exam would be a piece of cake. Since you are just starting out, my advice would be to take the information you learned from the course, and bypass the exam altogether.
Thank you for your detailed response. Unfortunately, I do have to take the exam due to a work requirement. I am starting to stress out now based on your response. I do feel the material is pretty basic/foundational. The only area I really will focus on next weekend is the SQLi but the other stuff does not seem too bad. I will definitely be making a full index/cheat sheet for every tool and syntax mentioned in the material as I do not use most of them. What month did you take the exam? Hopefully they have the exam more in line with the material now.
The other advice I'd give you is do the labs. I did not. I regret it. Like a lazy ******* I didn't do it and it almost cost me. I barely passed.
I read the books 3 times, made an index (!important), and studied the practice exams content. I don't actually think I watched all the lectures.
I'm not smart. I struggle with reading and comprehension. I also forget a lot of things. For example, what was that command for identifying a blind SQLi again? I don't remember but it's on my index! I'm aware of my weaknesses and learned to cope by studying more and being resourceful. I learned a lot about recall and studying skills watching the crash course channel (https://www.youtube.com/watch?v=IhuwS5ZLwKY&list=PL8dPuuaLjXtNcAJRf3bE1IJU6nMfHj86W). Also watch the computer science Crash Course channel so you can learn about the basics, which helped me to put some of the GWAPT content into context that I could relate to and understand. Which in turn helped me to remember.
Make your index, make it good, and do it thoroughly. It will really help you to focus and remember. Don't be like me and wait until the last week before studying. Don't be like me and avoid the labs. If you do all I said you'll be a lot more prepared than I was and I passed.
I asked this exact question at the last SANS conference I attended. I was told that when you registered for your exam, your exam would be based on the course materials you possessed. Regardless if they had a complete rewrite of the material, your test should have been based on the material available before this re-write. If you believe your exam had significant content that was not in the material you possess, I would write SANS and ask them to confirm the exam you took was based on the material version you have, and not the new exam. If there's a discrepancy, perhaps they will give you a retake, or send you updated material. Can't hurt to ask.