GWAPT Books?

McFly

[h=2]GWAPT books?[/h]

Hi, i need some help from any person....i´m trying to get the GWAPT certification, but the cost of the official books is too high for me...Is there any possibility to get the GWAPT official books from Internet? I only saw the AudioBook file available on the Internet.....

In the case that is not possible to find the official books, what others books should i read to prepare the GWAPT exam?


Thanks in advance!

paul78

Hello and welcome to TE - I saw your question in the other thread but thought I would respond here instead since it's not related to the other thread.

To my knowledge, there are no other external books on GWAPT. You could probably piece together a few books which could give you the necessary knowledge and review. A few that come to mind include:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws: Dafydd Stuttard, Marcus Pinto: 9781118026472: Amazon.com: Books
Web Application Defender's Cookbook: Battling Hackers and Protecting Users: Ryan C. Barnett, Jeremiah Grossman: 9781118362181: Amazon.com: Books
HACKING EXPOSED WEB APPLICATIONS, 3rd Edition: Joel Scambray, Vincent Liu, Caleb Sima: 9780071740647: Amazon.com: Books

I have never actually read any of those books but I have heard good things about them.

Secondarily - I suppose I would like to ask why you would not take the SANS course instead. GIAC certifications are highly correlated to the SANS material. I personally do not consider GIAC certifications to be of much value as a certification other than to assess knowledge from a SANS course.

McFly

Thanks! I already read The Web Application Hackers Handbook and the Hacking Exposed Web App 3....these books are excellent, but i don't know about the Web App Defender's Cookbook....i will find it! I don´t think to take the official courses, because these are more expensive than the official self study material... Thanks again!

idr0p

FYI, I believe if SANs finds out you used their copyrighted material, (that means books...AND the audio file you "found") they will strip you certifications at least and maybe sue you... even if you "borrow" someone else's materials you will just get them in trouble too.. I would suggest you not go that route.

docrice

Is there a reason why you want the GWAPT certification? It's not the most well-known certification out there, and in fact it's not considered a very difficult exam. There are plenty of free resources to learn the material with and a ton of books that cover the subject. If you just need a cert to put on paper, OSCP is probably a much more cost-effective bet.

idr0p

Actually the OSCP is not web focused and is much more self guided which would prolly not suit someone just looking for the material to pass a cert. A good comparable cert would be: Web Application Penetration Testing Boot Camp - InfoSec Institute but this is around the same price as the gwapt. pretty much all the materials to pass the cert are provided in The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws: Dafydd Stuttard, Marcus Pinto: 9781118026472: Amazon.com: Books

her is more resources you might find helpful.


https://www.owasp.org/index.php/Web_Application_Penetration_Testing

docrice

Hmm, I was under the impression that the OSCP was more web-oriented with some sprinkles of network-based pentesting. That's good to know.

JDMurray

When I did the OSCP course nearly three years ago, it was mostly application pen testing over a nework. The OSCP could certainly feature some tinkering with ports 80 and 443 if the authors wanted to.

YuckTheFankees

From what I have heard, the eCPPT certification course is great for people interested in web application attacks.