Thursday, 25 August 2011

GIAC Web Application Penetration Tester (GWAPT)

I took and passed the GIAC Web Application Penetration Tester (GWAPT) exam today, so I thought I would write something about it (and the SANS course that supports it).


The SANS "Web Application Penetration Testing and Ethical Hacking" course coverage

I had taken the SANS "on-demand" online version of their Web Application Penetration Testing course. I felt the online version of the course is a great format, because it gives you plenty of time to absorb the material and experiment in your own time.

I had previously read the excellent book Web Application Hackers Handbook (which I would highly recommend, before considering the SANS course). There were a few key things on the SANS course that are not covered in that book (and vice versa)

On reflection, this course covers quite a lot of ground. It has the basics of various common attack vectors (such as SQL injection and XSS) but it goes beyond the norm in some areas (though some other attacks and detail seem to be missing).

Additionally to what is covered in the WAHH book, the SANS course covers subject areas such as:

Decomposition and basic analysis of Java applets and Flash objects
Understanding AJAX
Various tools for spidering, and Web app vulnerability scanning
Exploitation frameworks

Most notably, the SANS course covers the basics of a lot of different tools for web-app security testing, including:

Burpsuite, Webscarab, Paros, Dirbuster, Skipfish, W3af, Tamperdata, SQLinjectMe, Sqlmap, Grendel-scan, Nikto, Aura, SiteDigger, Wikto, Goolag Scanner, Maltego, Nmap,  HTTPrint,  OpenSSL, THC SSL Check, CeWL, SprAJAX, RatProxy, WebService Studio, WSDigger, WSFuzzer, Flare, HP SWFscan, SWFIntruder, JAD, Websecurify, XSS Me, GreaseMonkey, XSS Assistant, PostInterpreter, Absinthe, MonkeyFist, BeEF, Dursosploit, AttackAPI

This is a lot of coverage, though obviously in many cases we are talking about the bare minimum of one slide of notes per tool (you will need to do a lot of your own practice and research to get to know these tools properly).

Though I didn't feel the SANS audio track was as good as it could have been, the course notes and lab examples are good (if you complete them all a couple of times, and do some extra experimentation).

In addition, I did a lot of my own testing with the Web Security Dojo, and some Virtual Appliance UI research in my home lab - which I feel helped me a lot with understanding how to use some of the tools more effectively.


Notes for GWAPT test-takers

This is an open-book exam, which was a new thing for me. I would definitely recommend test-takers to study the SANS course thouroughly, and take there course material with them, because the exam sticks very closely to the SANS course material.

Also, make sure you know which information is in which section of the course material, i.e. know where you would find information on SQL injection syntax, or PHP functions, or HTTP response codes (as examples).

In terms of practice, the certification exam is similar to (but not as easy as) the example tests provided by GIAC. I would also recommend reading the course material a couple of times, completing all the course practicals, and doing extra practice with the tools, such as completing the Web Security Dojo (or Web Goat at the very least).

20 comments:

  1. Hello,

    How does it compare with OSCP or CEH?

    ReplyDelete
    Replies
    1. Hey Guys !

      USA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
      All Leads have genuine & valid information

      **HEADERS IN LEADS**
      First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address

      *Price for SSN lead $2
      *You can ask for sample before any deal
      *If anyone buy in bulk, we can negotiate
      *Sampling is just for serious buyers

      ==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
      ->$5 PER EACH

      ->Hope for the long term deal
      ->Interested buyers will be welcome

      **Contact 24/7**
      Whatsapp > +923172721122
      Email > leads.sellers1212@gmail.com
      Telegram > @leadsupplier
      ICQ > 752822040

      Delete
  2. Hi Pedro,
    I would say on the whole, it was harder than CEH, and more useful. The practical elements are much easier than OSCP, but I would still rate OSCP as the best course I have ever done in terms of the amount I learned.

    It covers ground that neither of those courses/qualifications cover. It's more advance than CEH, but not as much work as OSCP.

    Also, the exam is multiple choice (like CEH) not a live hack-fest like OCSP.

    There have been benefits to pretty much every course I have done (Except Security+, which is a waste of time IMHO).

    No course has all the answers, and this one certainly added to my knowledge - but as always, to get the true benefit you have to put the extra study in.

    ReplyDelete
    Replies
    1. had been looking for quite the same answer. Personally, as I see, the OSCP could only be achieved after undergoing the sub-test which is obvious and core to Offensive Security guidelines. The renewal programs are the ones I hate. Offensive Security does not have a renew system, whist all the SANS based GPEN/GWAPT/GIAC-based courses have. It's valid until 4 years and before the expiration, it must be credited with extra SANS attendance to gain CMU's.

      That's the bad part now. Like what does any certification has to do with renewal, it's said it makes the candidates compete, but this could had been only for the DODD governance, correct me if I am wrong. The WAPT and the GPEN could had been a lifetime certification.

      Delete
    2. This comment has been removed by the author.

      Delete
    3. If you wish to become a GPEN certified professional, you need to know the best way to get certified. vcedownloads exam dumps and practice tests can be that best way because:
      1.These exam dumps have the latest and verified question answers.
      2.Exam dumps are in PDF file and Exam engine formats.

      Visit the website for complete study package. https://goo.gl/HHfm5G

      Delete
  3. Hi Ben,

    Just wanted to say that you have a fantastic blog. It seems like I'm learning something new every post you make. You seem to have a real passion for security and it shows. The whole team here loves it.

    ReplyDelete
  4. Thanks Mate.

    I'm downloading WSD

    ReplyDelete
  5. Hi, i'm thinking on prepare the GWAPT exam....but the cost of the official books is too high for me. Can you tell me what books should i read to prepare it? i already have the Hacking Exposed: Web App 3 and The Web App Hackers Handbook..

    ReplyDelete
  6. Hey can you upload the training material and videos of this .
    Thanks

    ReplyDelete
  7. Nice website full of quite interesting and informative posts, so must keep on good working! what is graphic design

    ReplyDelete
  8. I really appreciate your effort. Thanks for sharing with us. I also know a web application penetration testing company that offers external penetration testing services. The company name is Avyaan, apart from penetration testing it also offers other security services like website security services, web application audit and mobile application mobile application security audit services.


    ReplyDelete
  9. Hi Ben,

    What a blog really very informative and easy to understand. keep posting on security testing. Penetration testing is very much in demand now a days as it is very useful and help people and organisation from loss.

    ReplyDelete
  10. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.
    banana kong ,
    banana kong baixar ,
    baixar banana kong ,
    download banana kong ,
    banana kong

    ReplyDelete
  11. Target of the GPEN certifications and succeed at your first attempt! Examcollection.in has a wide range of latest and real GPEN dumps which cover exam syllabus absolutely.

    ReplyDelete
  12. Now she is happily working with a team of gifted educators to bring life-changing lessons to children, families, and schools around the world. http://rfgiwtapjj.dip.jp http://cb3aw5nvgb.dip.jp http://hq549e30if.dip.jp

    ReplyDelete
  13. replica bags australia replica gucci bags n0w31q8x93 replica bags wholesale mumbai replica bags from korea article source f3e58d0r92 replica bags gucci try this website a7l93p2z18 7a replica bags wholesale replica bags delhi

    ReplyDelete