Passed GWAPT

supasecuritybro Member Posts: 206
To be honest, that was an interesting test. The exam was not straightforward in the sense that it was this or that, more about knowing how the technologies in web applications work. You really need to focus on getting to know the way web applications work. Knowing the tools and what the result looks like after you run it is important. The course gets you started but there is a need for some work on your end: learning the toolset and also how web applications work. Hope that helps anyone going for it.
Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power

Comments

  • LonerVamp Member Posts: 518
    Did you take the SANS 542 course before this, or did you challenge it?

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • JoJoCal19 Mod Posts: 2,835
    Congrats on the pass and thanks for the tips!!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • supasecuritybro Member Posts: 206
    LonerVamp wrote: »
    Did you take the SANS 542 course before this, or did you challenge it?

    I took the course as a work study. It definitely helped the process but I spent some time going over the OnDemand material and some labbing in order to prepare and I still wouldn't say I spent enough time learning the behind the scenes stuff on the technology. Needless to say, I am going to invest time now for a few weeks filling gaps.
  • chrisone Member Posts: 2,278
    Congrats supa! Are the SANS exams just question based? Any labs or interactive modules during the test?
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • averageguy72 Member Posts: 323
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • LonerVamp Member Posts: 518
    Congrats!

    I ask, because I've been feeling weak in web testing attacks and have slated SEC 542 onto my training schedule early next year. Good stuff to know to keep context and scope in mind. :)

  • supasecuritybro Member Posts: 206
    chrisone wrote: »
    Congrats supa! Are the SANS exams just question based? any labs or interactive modules during the test?
    Multiple choice, but it was well done. I liked it.
  • supasecuritybro Member Posts: 206
    LonerVamp wrote: »
    Congrats!

    I ask, because I've been feeling weak in web testing attacks and have slated SEC 542 onto my training schedule early next year. Good stuff to know to keep context and scope in mind. :)

    If I had to choose after getting an intro to web apps, I would do the 642 if you are wanting to learn about attacks more than anything. I think the 542, like 560 is a great starting point (even though advanced) for those topics. They do split up the courses in a good place in order to get the right audiences in each course.
  • josephandre Member Posts: 315
    congratulations
  • MalwareMike Member Posts: 147
    Which course did you like better, sec560 or sec542?
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • chrisone Member Posts: 2,278
    Which course did you like better, sec560 or sec542?

    he mentioned 542
  • MalwareMike Member Posts: 147
    chrisone wrote: »
    he mentioned 542

    He said "I think the 542, like 560 is a great starting point (even though advanced) for those topics." but didn't specify if he liked one class more than the other...

  • [Deleted User] Senior Member Posts: 0
    Congrats on passing! Probably late to the party! Was there an area you wish you would have studied more from your books (SQL injection, session management, etc.)? Any areas tested heavily (basic, forms authentication, etc.)? Anything crazy with HTML injection or the Python requests library?
  • iota Member Posts: 21
  • danGos Registered Users Posts: 3
    Congratulations!
  • SaSkiller Member Posts: 337
    Thanks for the review, interested to see what you mean about understanding how the apps work.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.