GIAC GWEB Certification

DragonAgeDragonAge Registered Users Posts: 3 ■□□□□□□□□□
I had taken DEV 522 course from SANS 4 months back which maps to GIAC Certified Web Application Defender (GWEB) certification. I am planning to take the exam within 10 days. I got around 80 % in the practice test. People say that this certification is tuff. It goes in depth into the web application defense. Minimum passing score for this certification is 68%.

Could someone please guide me, Am I good to go for actual test with 80% score in practice test after going through weak topics once again . If someone had taken this certification , please advise how close will be the actual test compared to practice test.

I really wanted to get >= 90% in certification to be part of advisory board . Please advise.


  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I don't know anyone who has gone through 522 and sat the GWEB exam. That said, out of the five GIAC exams that I've sat for, I'd say the practice exams felt very close in the experience to the real exam. When you're taking the real test, you might be more nervous or there might be other factors in play. If you really want the 90+ score, I'd recommend ensuring that your index is complete for you and that you review everything.

    Also, call ahead to your testing facility and make sure they understand that this is an open-book exam. Many Pearson VUE centers are not aware of this and there have been reported problems at some locations as the staff wasn't sure how to handle this.
    Hopefully-useful stuff I've written:
  • DragonAgeDragonAge Registered Users Posts: 3 ■□□□□□□□□□
    Thanks docrice. Will let you know once I finish my GWEB cert. Will make sure Index is complete. During my practice test they were very few questions may be 5% are direct questions, rest of the questions are more kind of scenario based and it definitely require your application security skill and the concepts learnt during the course to apply. As per my colleagues , this exam is kind off different from other GIAC exams.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    I'm curious if you found that course useful. The course seemed long in duration to cover the OWASP top 10.

    I've only taken two SANS courses and I'm not a big fan of SANS. The price to value just doesn't seem to be justified. But every time that I swear off SANS, I find an interesting course like SEC522 and SEC642 that I consider.

    Good luck on the GWEB.
  • DragonAgeDragonAge Registered Users Posts: 3 ■□□□□□□□□□
    I am from development and Web Application pentesting background, this course was really usefull for me in terms of defense since I learnt a lot more on defending the web applications. This is definitely a good course for pen testers who are interested in learning about the defense.
  • I2SecureI2Secure Member Posts: 13 ■□□□□□□□□□
    nice to hear that i would wish you best of luck
  • gaurav.gauravagarwalgaurav.gauravagarwal Registered Users Posts: 2 ■□□□□□□□□□
    Guys, Is there any study guide available to prepare for this exam? I could not find any icon_sad.gif
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Gaurav - the official materials from SANS are really the only materials available. As a for-profit business, SANS protects its materials very closely because the business model is to drive people towards purchasing their training. To my knowledge, SANS does not license their materials to other third parties.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    your best bet is to dig up amazon for similar 2-3 books that covers up 1000 pages in total. Index it well and use it against a practice test and see how far you do. Before pouring the rest of the money in the actual exam.
Sign In or Register to comment.