Passed GWAPT

Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
Finally took the exam this Monday morning just before voucher expires tomorrow end July. I took SANS 542 course in March. My practice test scores were 79% and 86% respectively. First practice test was taken closed book, i.e. I did not refer to my course materials. Spent about 1:10 hours and passed with 94% :)

To be honest, the exam was not difficult if you know HTML, JavaScript and SQL; i.e. you have programming background. Which I did due to past experience as database admin writing stored procedures and optimizing SQL queries; and as a web application developer writing server code and more importantly writing and troubleshooting client script code. There were questions about tools, which you can easily find the answers to from the course materials.

Overall SEC542 is a good course to get web developers trained on security. Don't think I can be a web penetration tester yet. Think I will try eWPT next.


  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Agreed. I walked away with my GWAPT saying it's a great course to introduce someone to hacking web apps, but I'd never take the class thinking it's going to set me up to be a l33t hax0r. a starting point if you're looking to move into web app testing - definitely, but nothing that's going to make you an expert by any stretch of the imagination.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the pass man! GWAPT is one I'd love to do.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Thanks! Got my GWAPT digital badge within an hour of passing, GIAC Advisory Board invitation before 9 am EST Monday morning, and Advisory Board badge before 5 pm EST. 2 badges to add to my LinkedIn within 24 hours after passing. icon_thumright.gif
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□
    Ok, question for you in regards to your skill set now post cert.
    Do you feel as though you have learned enough to be able to assess a web application if your employer came to you and asked you to test a web app that they developed?
    How heavily, if at all, was Burp Suite used?
  • markmorowmarkmorow Member Posts: 44 ■■■□□□□□□□
    You use Burp Suite in the class quite a bit. I think you would have a good base to do what you want to do.
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□
    Very nice, thank you!

    To the OP - My apologies, where are my manners! Congrats on the pass!
  • MalwareMikeMalwareMike Member Posts: 147 ■■■□□□□□□□
    I take the test on August 18th, thanks for the good info.
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)

  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    What markmorow said. I would ask employer to purchase Professional license for Burp Suite as the community edition has certain limitations with regards to speed and features. And just to add, my trainer Hassan El Hadary demonstrated bug bounties where he was able to find vulnerabilities using professional features of Burp Suite.
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□
    Yeah, we use Burp Suite Pro at work now, among 2 other tools, so I was curious. This will help me immensely.
Sign In or Register to comment.