GWAPT Challenge - Study Recommendation

amarsuhas

Hello, I am planning to challenge GWAPT Certification.

1) Does anyone have any recommendations for books?

2) is the Challenge exam same as other GWAPT exam which you get after attending the live training?

3) Let me know if someone has extra practice test to share.

Find more posts tagged with

GIAC

GIAC Exam

Comments

McxRisley

The first question we need to ask is do you have ANY web application knowledge or testing experience at all? Getting a better idea of your current knowledge and skill level can help us steer you in the right direction.

amarsuhas

I have 8+ years of web pentest experience and recently cleared GMOB.

LonerVamp

If you have 8+ years web pentest experience, the GWAPT should be no problem at all, and honestly quite a bit beneath you. I just took the exam last week (97%), and while I've been around security quite some time and practiced against PWK/OSCP labs and the HTB labs, I wouldn't say I've ever done any web app pen tests professionally. I took the SEC542 course back in February. I found it useful and well-taught, but honestly I overrestimated the content, and I would say a good 75%+ of it were things I'd already known or been exposed to. It's very surface level.

For studying, I'd suggest knowing how to attack/demonstrate OWASP Top 10 flaws, know about ZAP/Burp and other tools on the syllabus. Know how to attack AJAX and the basics on how to use Python requests.

For practice, I'd suggest DVWA and Mutillidae (the course itself is designed heavily around those two), and mix in OWASP Juice Shop or any others you feel are useful.