Passed GWAPT

SaSkiller Member Posts: 337 ■■■□□□□□□□
Sorry this probably won't be a full review like I may have normally posted.

I tested out of 542 GWAPT today. As always I got close to 90 but no cigar. This is actually my first GIAC exam taken since becoming a Pentester, and my first in quite some time. I will say that the course is good, it provides decent coverage of what you can expect to be doing as a web app tester, and of course I saw things in there that were new to me which is always nice. I will say I was not a fan of the Python section as it's not something I use in my work outside of running scripts that others made and I don't think it's *necessary* for a WAPentester. Useful yes, but I'm not sure I would have included it as a testable subject. I noticed as well a few problems in the material that should have been caught in copyediting, no big deal though.

I felt that having tabs for the sections is a great way to break up the book into readable sections, and it's great for the exam. Obviously SANS does a good job of making the material easy to understand.

On the exam, I felt that this was a weird GIAC exam, it's different than the others I've taken and speaking to others who've taken it, it seems I'm not the only one who says so. I felt that even though most of the material could be found in the books, it wasn't directly referenced, and there were a number of questions where I felt that the answers were inaccurate given the question. Overall however it tests well the material in the course. There weren't a lot of questions I could answer just straight off, most required at least some thought, and I often found myself selecting an answer then verifying with the books. Some of those exam questions however were annoying.

Recommendations: I'm interested in reading a book by a friend of mine to see if it lines up with the objectives of the course, but that may be a while away. Read the books, then I took a test mostly without the books and noted areas where there were weaknesses. Make sure you understand where to go in the book to understand code snippets related to various attacks. Make sure you understand how to read output and understand the tool or code in use.

I may have additional thoughts later, now it's time for sleep. I'll answer any questions I can.


  • josephandre Member Posts: 315 ■■■■□□□□□□
    Congrats. I've perused the materials while a co-worker is preparing for the exam, and... I gotta say that I'm not overly impressed with it.
  • LonerVamp Member Posts: 518 ■■■■■■■■□□
    Thanks for the information, and grats on the pass! I'm set to take this course first quarter in 2019.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Congrats! Having taken GWAPT and GCIH, I can say that GWAPT tests more of your understanding of concepts, which is a challenge if you are not familiar with HTTP protocol, web programming and web server technologies.