GPEN or GWAPT!!??

lucky4life Posts: 8 Registered Users
I'm sure it has been discussed before, but I am throwing this out there.  My next SANS training (due to increased workload) is to be GPEN or GWAPT....but I have no idea which one to pick. I already have my GCIH.
My boss currently holds the GPEN cert, and my co-worker currently holds GWAPT.

Both are beneficial to the work we can/will be doing.  I've heard that there is some overlap of GCIH in GPEN, so I am kinda leaning more towards GPEN. Can anyone offer some advice as to which one is more difficult, or which way you would lean?  Thanks in advance!

Comments

  • mikey88 CISSP, CySA+, Security+, Network+ and others Posts: 462 Member
    You want to write wat with a Pen?
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • LonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 342 Member
    You could try to borrow and flip through the books from your coworkers. :)

    Difficulty is going to be different for each person and what they bring to the table as far as interest, experience, and skills. I would suggest googling "GPEN review" and "GWAPT review" for additional stories on experiences from other students.

    It also depends on what you want to do. GWAPT is entirely web app pen testing for *new* pen testers. It helps if you go in with a little Burp Suite knowledge (find some tutorials to follow) and some experience hosting, adminning, or writing web pages to any degree. Bonus if you're already familiar or have performed some web app attacks.

    I have not taken GPEN, but I believe it leans into the network penetration testing side of the house. Probably enumeration and firing off exploits via Metasploit or manually.

    For me, I passed OSCP a few years ago. After doing so, I decided I probably don't need GPEN as there seems to be lots of overlap. I took GWAPT earlier this year, and I have to say I already knew most of the material and didn't learn too much new. If web app testing is entirely new, you'll learn a lot more than I did.

    Personally? You can get GPEN by spending less and having more fun with OSCP pursuits. With GWAPT, same thing applies, and add in some HTB work, and you can get that experience for free from those and other sources. I'd pick whatever one you think will be harder to understand and acquire on your own. :)  (I'd choose GPEN, with full hindsight.)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)

  • iBrokeIT GXPN GPEN GWAPT GCFE GCIH GSEC eJPT Sec+ Posts: 1,220 Member
    Difficulty will vary depending on the individual.  Do you want to do network penetration testing or webapp penetration testing?  That's what it boils down to.  Also, 560 does contain a webapp day.