SEC542: Web App Penetration Testing and Ethical Hacking is a 6-day course that focuses on web application security and penetration testing. It’s designed to help individuals understand, identify, and exploit vulnerabilities in web applications to improve their security. The course offers hands-on training, with a particular emphasis on practical labs.

The GIAC Web Application Penetration Tester (GWAPT) certification is a practitioner certification that assesses professionals’ skills in penetration testing and their comprehensive understanding of web application security issues. GWAPT-certified individuals are recognized for their knowledge of web application exploits and penetration testing methodology.

The certification covers a wide range of topics, including web application overview, authentication attacks, configuration testing, web application session management, SQL injection attacks, cross-site request forgery, scripting, client injection attacks, and reconnaissance and mapping. GWAPT certification is relevant for security practitioners, penetration testers, ethical hackers, web application developers, website designers, and architects.

GWAPT includes a hands-on, real-world practical testing approach called CyberLive, where candidates demonstrate their knowledge and skills using actual programs, real code, and virtual machines to simulate specialized job roles.

The certification exam format consists of a proctored exam with 82 questions, lasting 3 hours. A minimum passing score of 71% is required. Candidates should be aware that certification specifications may change without prior notice.

Additionally, the SEC542 course offers in-depth training in web application penetration testing, covering various topics like interception proxies, common vulnerabilities (such as SQL injection and Cross-Site Scripting), hands-on labs, and practical exercises. The course is designed to equip students with the skills to assess web application security, identify flaws, and demonstrate their potential business impact.

Overall, the GWAPT certification and SEC542 course provide valuable knowledge and skills for professionals seeking to enhance their abilities in web application penetration testing and security assessment.

Reviews by Wirebiters.com
 2 reviews
 by Niel
Great Web App Bootcamp

Difficulty: 3 out of 5.

Just finished and passed GWAPT. This is a review for the on-demand version of the course. Thought the course was amazing and well put together. Yes, it is not a bootcamp per se, but the course does serve as a great foundation for web app pentests, bug hunting, and a great intro into offensive security from a top-down perspective. Honestly, the majority of the course content can be found for free and in other courses, but not all. With free content you will spend months assembling the same knowledge, and it will have knowledge gaps and more than likely you will learn a few things wrong. Other courses may have the same content (at least the majority of it) but the delivery will not be so straight to the point. So why $$$PAY$$$ for it? A few reasons: Straight-to-the-point instruction; an amazing platform; correct information as the course goes through many iterations and filters to get to you; and the prestige that comes with SANS. Caveat to this: This certification, like many other certs, will NOT land you a job by just having it. It is the combination of experience, with formal ed, certs, your grind, and your professional network that can and will open opportunity doors for it. In conclusion, the course and certification are worth it, but no one should get in debt to get it.

 by cyberpug
Review of GWAPT (2021)

Difficulty: 2 out of 5.

GWAPT is an extremely solid certification for learning webapp pentesting. It can be directly compared to WEB-200 from OffSec. In terms of content, difficulty, and accuracy it's great. I can directly credit this class for getting hired as a webapp pentester. It does a decent job of walking through edge cases and special attacks. I learned a lot!

That said, I do have a problem: the price.

Every OffSec course and exam voucher can be purchased for 1 year for less than the cost of this 6-day (at most) class. If you're doing OnDemand, you can probably knock the entire cert out in 2 weeks if you're already familiar with general pentesting. $8000 is a lot of money for what you get. It's great material but the price is just insane. If this was a $500 class, I'd give it 5 stars. For an $8000+ class, it loses 2 stars just because there are graduate degrees that cost that much. You could save thousands of dollars and get the same general material for <$2k from OffSec. I wish SANS would lower their prices because I do prefer their format to OffSec... but until then, I have to side with WEB200 as being a better choice.

There's also a webapp pentesting course offered by TCM Security now for ~$30 a month. I'd probably check that out if I was doing it over again.
