Saturday, January 21, 2012

Passed GIAC GWAPT Exam

Hi dears,

I just wanted to share the first update of this year.

I sat for & passed the SANS GIAC Web Application Penetration Testing - GWAPT - exam on January 14, 2012. I found the exam was pretty tough as compared to the previous GIAC exams I had attempted - GPEN, GCIH, and GREM.

I have been doing web app pentesting for a while. So, most of the tested topics were not new to me. I did a self-study for this exam. I used the following study resources to prepare:

1. SANS GPEN course material
2. OWASP - this site has a lot of good, relevant information on a majority of web app topics.

5. Backtrack - Specifically for any or all related tools - load it up & practice various web app testing related tools on this dist.
6. Google - Yeah, search out specific topics, terms, video tutorials, tool demonstrations. This is significant especially if you choose to take the self-study route.
7. Misc Notes - some random, personal notes on various topics.

I know it's not easy to take out 4000+ USD for official course materials. I hope this info will help someone planning self-study to tame this beast.

As always, let me know if you have any questions. I will be glad to help.



  1. Great. I also passed the GWAPT exam today. I'm not a seasoned Pen Tester. In fact, I'm trying to get into the industry.

    I forked up the 4k. Kevin Johnson's Material is straightforward, practical is easy to study.

  2. I'm doing self study this week! I go for exam on Dec 3! Wish me luck. I have all materials from SANS and practice exam and backtrack so much more. I just hope I don't do overkill with knowledge. But really, is there such a thing?

  3. All the best for your exam @Anonymous. Do post a comment here once you pass & get your GIAC digits :)

  4. Hello,

    I have a question about the exam. Did you have more theoretical questions than practical ones, or were they 50/50?
    Also, did you have questions about all the tools from the books or only the most known ones?


    P.S. I'm trying to prepare my index for the exam and I would like to know what I should focus on.



The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.