Thursday, 25 August 2011

GIAC Web Application Penetration Tester (GWAPT)

I took and passed the GIAC Web Application Penetration Tester (GWAPT) exam today, so I thought I would write something about it (and the SANS course that supports it).


The SANS "Web Application Penetration Testing and Ethical Hacking" course coverage

I had taken the SANS "on-demand" online version of their Web Application Penetration Testing course. I felt the online version of the course is a great format, because it gives you plenty of time to absorb the material and experiment in your own time.

I had previously read the excellent book Web Application Hacker's Handbook (which I would highly recommend before considering the SANS course). There were a few key things on the SANS course that are not covered in that book (and vice versa).

On reflection, this course covers quite a lot of ground. It has the basics of various common attack vectors (such as SQL injection and XSS) but it goes beyond the norm in some areas (though some other attacks and detail seem to be missing).

In addition to what is covered in the WAHH book, the SANS course covers subject areas such as:

Decomposition and basic analysis of Java applets and Flash objects
Understanding AJAX
Various tools for spidering, and Web app vulnerability scanning
Exploitation frameworks

Most notably, the SANS course covers the basics of a lot of different tools for web-app security testing, including:

Burpsuite, Webscarab, Paros, Dirbuster, Skipfish, W3af, Tamperdata, SQLinjectMe, Sqlmap, Grendel-scan, Nikto, Aura, SiteDigger, Wikto, Goolag Scanner, Maltego, Nmap, HTTPrint, OpenSSL, THC SSL Check, CeWL, SprAJAX, RatProxy, WebService Studio, WSDigger, WSFuzzer, Flare, HP SWFscan, SWFIntruder, JAD, Websecurify, XSS Me, GreaseMonkey, XSS Assistant, PostInterpreter, Absinthe, MonkeyFist, BeEF, Dursosploit, AttackAPI

This is a lot of coverage, though obviously in many cases we are talking about the bare minimum of one slide of notes per tool (you will need to do a lot of your own practice and research to get to know these tools properly).

Though I didn't feel the SANS audio track was as good as it could have been, the course notes and lab examples are good (if you complete them all a couple of times, and do some extra experimentation).

In addition, I did a lot of my own testing with the Web Security Dojo, and some Virtual Appliance UI research in my home lab - which I feel helped me a lot with understanding how to use some of the tools more effectively.


Notes for GWAPT test-takers

This is an open-book exam, which was a new thing for me. I would definitely recommend test-takers to study the SANS course thoroughly, and take their course material with them, because the exam sticks very closely to the SANS course material.

Also, make sure you know which information is in which section of the course material, i.e. know where you would find information on SQL injection syntax, or PHP functions, or HTTP response codes (as examples).

In terms of practice, the certification exam is similar to (but not as easy as) the example tests provided by GIAC. I would also recommend reading the course material a couple of times, completing all the course practicals, and doing extra practice with the tools, such as completing the Web Security Dojo (or Web Goat at the very least).

27 comments:

  1. Hello,

    How does it compare with OSCP or CEH?

  2. Hi Pedro,
    I would say on the whole, it was harder than CEH, and more useful. The practical elements are much easier than OSCP, but I would still rate OSCP as the best course I have ever done in terms of the amount I learned.

    It covers ground that neither of those courses/qualifications cover. It's more advanced than CEH, but not as much work as OSCP.

    Also, the exam is multiple choice (like CEH), not a live hack-fest like OSCP.

    There have been benefits to pretty much every course I have done (Except Security+, which is a waste of time IMHO).

    No course has all the answers, and this one certainly added to my knowledge - but as always, to get the true benefit you have to put the extra study in.

    1. I had been looking for quite the same answer. Personally, as I see it, the OSCP could only be achieved after undergoing the sub-test which is obvious and core to Offensive Security guidelines. The renewal programs are the ones I hate. Offensive Security does not have a renewal system, whilst all the SANS-based GPEN/GWAPT/GIAC-based courses have. It's valid for 4 years and before the expiration, it must be credited with extra SANS attendance to gain CMU's.

      That's the bad part now. What does any certification have to do with renewal? It's said it makes the candidates compete, but this could have been only for the DODD governance, correct me if I am wrong. The WAPT and the GPEN could have been a lifetime certification.

  3. Hi Ben,

    Just wanted to say that you have a fantastic blog. It seems like I'm learning something new every post you make. You seem to have a real passion for security and it shows. The whole team here loves it.

  4. Thanks Mate.

    I'm downloading WSD

  5. Hi, I'm thinking of preparing for the GWAPT exam, but the cost of the official books is too high for me. Can you tell me which books I should read to prepare for it? I already have Hacking Exposed: Web App 3 and The Web App Hacker's Handbook.

  6. Hey, can you upload the training material and videos for this?
    Thanks

  11. Hi Ben,

    What a blog, really very informative and easy to understand. Keep posting on security testing. Penetration testing is very much in demand nowadays as it is very useful and helps people and organisations avoid loss.
