SEC542: Web App Penetration Testing and Ethical Hacking is a 6-day course that focuses on web application security and penetration testing. It’s designed to help individuals understand, identify, and exploit vulnerabilities in web applications to improve their security. The course offers hands-on training, with a particular emphasis on practical labs.
The GIAC Web Application Penetration Tester (GWAPT) certification is a practitioner certification that assesses professionals’ skills in penetration testing and their comprehensive understanding of web application security issues. GWAPT-certified individuals are recognized for their knowledge of web application exploits and penetration testing methodology.
The certification covers a wide range of topics, including web application overview, authentication attacks, configuration testing, web application session management, SQL injection attacks, cross-site request forgery, scripting, client injection attacks, and reconnaissance and mapping. GWAPT certification is relevant for security practitioners, penetration testers, ethical hackers, web application developers, website designers, and architects.
GWAPT includes a hands-on, real-world practical testing approach called CyberLive, where candidates demonstrate their knowledge and skills using actual programs, real code, and virtual machines to simulate specialized job roles.
The certification exam format consists of a proctored exam with 82 questions, lasting 3 hours. A minimum passing score of 71% is required. Candidates should be aware that certification specifications may change without prior notice.
Additionally, the SEC542 course offers in-depth training in web application penetration testing, covering various topics like interception proxies, common vulnerabilities (such as SQL injection and Cross-Site Scripting), hands-on labs, and practical exercises. The course is designed to equip students with the skills to assess web application security, identify flaws, and demonstrate their potential business impact.
Overall, the GWAPT certification and SEC542 course provide valuable knowledge and skills for professionals seeking to enhance their abilities in web application penetration testing and security assessment.
Difficulty: 2 out of 5.
GWAPT is an extremely solid certification for learning webapp pentesting. It can be directly compared to WEB-200 from OffSec. In terms of content, difficulty, and accuracy it's great. I can directly credit this class for getting hired as a webapp pentester. It does a decent job of walking through edge cases and special attacks. I learned a lot!
That said, I do have a problem: the price.
Every OffSec course and exam voucher can be purchased for 1 year for less than the cost of this 6-day (at most) class. If you're doing OnDemand, you can probably knock the entire cert out in 2 weeks if you're already familiar with general pentesting. $8000 is a lot of money for what you get. It's great material but the price is just insane. If this was a $500 class, I'd give it 5 stars. For an $8000+ class, it loses 2 stars just because there are graduate degrees that cost that much. You could save thousands of dollars and get the same general material for <$2k from OffSec. I wish SANS would lower their prices because I do prefer their format to OffSec... but until then, I have to side with WEB-200 as being a better choice.
There's also a webapp pentesting course offered by TCM Security now for ~$30 a month. I'd probably check that out if I was doing it over again.