Advice on eWPT (eLearnSecurity) vs GWAPT (SANS)

Hi everyone!

My employer might be sending me for SANS courses in March 2018, and I have a few questions:

1) Has anyone done eWPT (eLearnsecurity)'s course as well as GWAPT from SANS?
2) How similar are they?
3) Would you feel the eWPT provides a a good ramp up to the GWAPT?
4) Or is the eWPT somewhat on a similar difficulty scale of the GWAPT?

Let me know your thoughts and comments!

Just a bit of background on myself, I'm currently on the Blue Team now; trying to understand and dive in to the attacks that the Red Team uses on our websites. I've never setup a website before and I'm unfamiliar with web languages. I'm trying to pick up the pace and hopefully should have a firm base of knowledge by March 2018

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

yhadji

I am also really interested in the eWPT cert. Does it provide adequate technical/practical knowledge?

ZzBloopzZ

If your employer is footing the bill then definitely go straight for the GWAPT. It is a pretty basic/foundational course so you do not need any pre-reqs outside of being able to read basic javascript and php. The course is designed for absolute beginners.

I have no experience with eWPT, but there are some incredible resources for web app testing in general. Here is what I would do if you want to just do something until March:

1. Read - The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - 2nd Edition (Don't do the labs in this book, as they are expensive and also honestly not that great compard to some of the FREE OWASP labs!) - Link
2. Free Labs/practice - OWASP Mutillidae 2 (This is FANTASTIC! Plus they give you hints if/when needed and there are even step by step videos for the common vulnerabilities especially everything on the OWASP Top 10.) - Link
3. Free labs #2 - OWASP Juice Shop is also great if you are itching for more after Mutillidae - Link

After that, you will be plenty ready for the GWAPT. :c)

636-555-3226

+1 for the The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - awesome book that covers just about everything you'll learn studying for the GWAPT or eWPT at a heck of a bargain price!

+2 for Mutillidae (free) to practice the skills from the book you just bought, above

Those are the cheap and easy ways to do it without any formalized instructions processes that cost a heck of a lot more

TechGuru80

Webgoat and DVWA are two additional practice resources similar to Mutullidae.

globalenjoi

Just want to add another resource. This VM has several broken web applications all in one easy-to-load image. Mutillidae, DVWA, some broken web games, broken Wordpress, plus many more. I'm currently using it with the web portion of the ELS PTP course, and hoping to go to training for GWAPT next spring.

https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

nebula105

ZzBloopzZ, 636-555-3226, TechGuru80, globalenjoi

Thanks so much for the advice; I'll work on the VMs and definitely get the Web Application Hacker's Handbook. It just so happens to be in stock and on sale this weekend.

It's definitely a sign that I should carry on