Passed GWAPT

Mike7Mike7 Posts: 1,052Member ■■■■□□□□□□
Finally took the exam this Monday morning just before voucher expires tomorrow end July. I took SANS 542 course in March. My practice test scores were 79% and 86% respectively. First practice test was taken closed book, i.e. I did not refer to my course materials. Spent about 1:10 hours and passed with 94% :)


To be honest, the exam was not difficult if you know HTML, JavaScript and SQL; i.e. you have programming background. Which I did due to past experience as database admin writing stored procedures and optimizing SQL queries; and as a web application developer writing server code and more importantly writing and troubleshooting client script code. There were questions about tools, which you can easily find the answers to from the course materials.

Overall SEC542 is a good course to get web developers trained on security. Don't think I can be a web penetration tester yet. Think I will try eWPT next.

Comments

  • 636-555-3226636-555-3226 Posts: 976Member
    Agreed. I walked away with my GWAPT saying it's a great course to introduce someone to hacking web apps, but I'd never take the class thinking it's going to set me up to be a l33t hax0r. a starting point if you're looking to move into web app testing - definitely, but nothing that's going to make you an expert by any stretch of the imagination.
  • JoJoCal19JoJoCal19 California Kid Posts: 2,719Mod Mod
    Congrats on the pass man! GWAPT is one I'd love to do.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • Mike7Mike7 Posts: 1,052Member ■■■■□□□□□□
    Thanks! Got my GWAPT digital badge within an hour of passing, GIAC Advisory Board invitation before 9 am EST Monday morning, and Advisory Board badge before 5 pm EST. 2 badges to add to my LinkedIn within 24 hours after passing. icon_thumright.gif
  • JasionoJasiono Posts: 873Member
    Ok, question for you in regards to your skill set now post cert.
    Do you feel as though you have learned enough to be able to assess a web application if your employer came to you and asked you to test a web app that they developed?
    How heavily, if at all, was Burp Suite used?
    WGU Progress: In Progress | Finishing Bachelors Degree in IT-Security
  • markmorowmarkmorow Posts: 30Member ■■□□□□□□□□
    You use Burp Suite in the class quite a bit. I think you would have a good base to do what you want to do.
  • JasionoJasiono Posts: 873Member
    Very nice, thank you!

    To the OP - My apologies, where are my manners! Congrats on the pass!
    WGU Progress: In Progress | Finishing Bachelors Degree in IT-Security
  • MalwareMikeMalwareMike Posts: 124Member ■□□□□□□□□□
    I take the test on August 18th, thanks for the good info.
  • Mike7Mike7 Posts: 1,052Member ■■■■□□□□□□
    What markmorow said. I would ask employer to purchase Professional license for Burp Suite as the community edition has certain limitations with regards to speed and features. And just to add, my trainer Hassan El Hadary demonstrated bug bounties where he was able to find vulnerabilities using professional features of Burp Suite.
  • JasionoJasiono Posts: 873Member
    Yeah, we use Burp Suite Pro at work now, among 2 other tools, so I was curious. This will help me immensely.
    WGU Progress: In Progress | Finishing Bachelors Degree in IT-Security
Sign In or Register to comment.