Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!


GWAPT_SilverAfter almost a year I’ve finally managed to take the GWAPT (Web Application Penetration Tester) exam, just in time to head to SANS London and the Security Essentials class. I have mixed feelings on the exam. Even though I passed with a good mark (96.67%), the 5 that I got wrong were (in my opinion) a little questionable. Still, I’m sure I’ll hit the holy grail (100%) sooner or later 😉 It will just take time, and patience.

For a little history on this, I first attended the 4-day version of the SEC-542 back in December last year. The course was good, and I wrote about the contents on the blog (day-1, day-2 ,day-3. day-4). The 6-day version of the class has incorporated a number of welcome additions and helps the course really grow. I always felt that the 4-day version lacked a certain something, and the new version really fills the gaps with new sections on Flash, WebServices (WSDL, UDDI, SOAP…) and nice coverage of Python, JavaScript and PHP for Penetration Testers. The last day is also now a Capture the Flag event which will really help to solidify the knowledge and let people get a hands-on approach to testing.

I can’t finish this post without saying a little something about the OnDemand program. The new OnDemand system is certainly a step in the right direction. As SEC-542 is one of the first on the BETA OnDemand it lacks the additional links that will come with maturity. I think that the OnDemand option of training has become more of an option than previously. The support you get is also great, especially as Kevin is very approachable. If all else fails you can shoot me an email and I’ll see if I can help. Hopefully this will be the class I’ll be Mentoring in Vienna next year (given the chance).

Overall I’d give the class 95/100 –> There’s room for some additional coverage of things like JBoss, Coldfusion and Tomcat. Still you can’t fit everything into 6 days 😉 I can’t wait for SEC-642, for some advanced WebApp fu.

GWAPT Certified Professionals –> LISTING

GWAPT Exam Coverage –> Coverage


5 responses to “GWAPT / SEC542

  1. geekyone November 10, 2009 at 20:23


  2. i900omnia July 19, 2011 at 06:17

    How many for for GWAPT ?

  3. ChrisJohnRiley July 19, 2011 at 09:21

    I’m gonna say 42, mostly because I have no idea what the question means!!!

  4. kaiser July 19, 2011 at 16:23

    Without SANS Training can I Clear GWAPT?
    because SANS Training is too Costly I cannot afford it?

  5. ChrisJohnRiley July 20, 2011 at 12:07

    Ah ok… there’s an option to challenge the exam, but I’m not sure on the cost. Best to checkout the SANS/GIAC website really!

%d bloggers like this: