GWAPT Challenge - Study Recommendation

amarsuhas Registered Users Posts: 9
Hello, I am planning to challenge GWAPT Certification.
1) Does anyone have any recommendations for books?
2) Is the Challenge exam the same as the other GWAPT exam which you get after attending the live training?
3) Let me know if someone has an extra practice test to share.

Comments

  • McxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 488
    edited April 2019
    The first question we need to ask is do you have ANY web application knowledge or testing experience at all? Getting a better idea of your current knowledge and skill level can help us steer you in the right direction.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • amarsuhas Registered Users Posts: 9
    I have 8+ years of web pentest experience and recently cleared GMOB.
  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Member Posts: 435
    edited April 2019
    If you have 8+ years web pentest experience, the GWAPT should be no problem at all, and honestly quite a bit beneath you. I just took the exam last week (97%), and while I've been around security quite some time and practiced against PWK/OSCP labs and the HTB labs, I wouldn't say I've ever done any web app pen tests professionally. I took the SEC542 course back in February. I found it useful and well-taught, but honestly I overestimated the content, and I would say a good 75%+ of it were things I'd already known or been exposed to. It's very surface level.

    For studying, I'd suggest knowing how to attack/demonstrate OWASP Top 10 flaws, know about ZAP/Burp and other tools on the syllabus. Know how to attack AJAX and the basics on how to use Python requests.

    For practice, I'd suggest DVWA and Mutillidae (the course itself is designed heavily around those two), and mix in OWASP Juice Shop or any others you feel are useful.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS SA-A, CCSK
    2020 goals: AWS Security Specialty, AWAE or SLAE, CISSP-ISSAP?