Advice on eWPT (eLearnSecurity) vs GWAPT (SANS)

nebula105nebula105 Member Posts: 60 ■■■□□□□□□□
Hi everyone!

My employer might be sending me for SANS courses in March 2018, and I have a few questions:

1) Has anyone done eWPT (eLearnsecurity)'s course as well as GWAPT from SANS?
2) How similar are they?
3) Would you feel the eWPT provides a a good ramp up to the GWAPT?
4) Or is the eWPT somewhat on a similar difficulty scale of the GWAPT?

Let me know your thoughts and comments!

Just a bit of background on myself, I'm currently on the Blue Team now; trying to understand and dive in to the attacks that the Red Team uses on our websites. I've never setup a website before and I'm unfamiliar with web languages. I'm trying to pick up the pace and hopefully should have a firm base of knowledge by March 2018 :)


  • yhadjiyhadji Member Posts: 17 ■□□□□□□□□□
    I am also really interested in the eWPT cert. Does it provide adequate technical/practical knowledge?
  • ZzBloopzZZzBloopzZ Member Posts: 192
    If your employer is footing the bill then definitely go straight for the GWAPT. It is a pretty basic/foundational course so you do not need any pre-reqs outside of being able to read basic javascript and php. The course is designed for absolute beginners.

    I have no experience with eWPT, but there are some incredible resources for web app testing in general. Here is what I would do if you want to just do something until March:

    1. Read - The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - 2nd Edition (Don't do the labs in this book, as they are expensive and also honestly not that great compard to some of the FREE OWASP labs!) - Link
    2. Free Labs/practice - OWASP Mutillidae 2 (This is FANTASTIC! Plus they give you hints if/when needed and there are even step by step videos for the common vulnerabilities especially everything on the OWASP Top 10.) - Link
    3. Free labs #2 - OWASP Juice Shop is also great if you are itching for more after Mutillidae - Link

    After that, you will be plenty ready for the GWAPT. :c)
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    +1 for the The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - awesome book that covers just about everything you'll learn studying for the GWAPT or eWPT at a heck of a bargain price!

    +2 for Mutillidae (free) to practice the skills from the book you just bought, above

    Those are the cheap and easy ways to do it without any formalized instructions processes that cost a heck of a lot more
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Webgoat and DVWA are two additional practice resources similar to Mutullidae.
  • globalenjoiglobalenjoi Member Posts: 104 ■■■□□□□□□□
    Just want to add another resource. This VM has several broken web applications all in one easy-to-load image. Mutillidae, DVWA, some broken web games, broken Wordpress, plus many more. I'm currently using it with the web portion of the ELS PTP course, and hoping to go to training for GWAPT next spring.
  • nebula105nebula105 Member Posts: 60 ■■■□□□□□□□
    ZzBloopzZ, 636-555-3226, TechGuru80, globalenjoi

    Thanks so much for the advice; I'll work on the VMs and definitely get the Web Application Hacker's Handbook. It just so happens to be in stock and on sale this weekend.

    It's definitely a sign that I should carry on :)
Sign In or Register to comment.