Well that’s another certification attempt passed on my route to world domination.
This time it was the SANS GIAC Web Application Penetration Tester (GWAPT) certification. I managed to scrape through with a 97.33%, which I am pretty happy about.
Hmm, I just realised this is the first time in about 8 months I haven’t had a certification hanging over my head… hmm… all of a sudden I feel all alone… confused… lost… bored…
OK, now I have to find something else to do…
Suggestions anyone?

OSCE, OSCE, OSCE, OSCE
Did you go to SANS or get OnDemand, which provided you with the course material? I just took GPEN and am looking to get some material for GWAPT to go by. Any recommendations?
Hi ipso
All my SANS training has been done in the classroom. I have, however, had access to the on-demand material before and found it to be really quite good.
Obviously I would recommend taking the course in person, but if that is not an option then on-demand is a good substitute.
Hi Damian
Congratulations
I’ve just become GWAPT certified two hours ago, got a score of 96.667%, not bad for my first security certification.
I’m a developer and more interested in offensive security and writing secure code. Which certification do you recommend for me (OSCP, GPEN, CEH or other certifications)?
Thanks
Hi Ahmed, Congrats on your new cert and such a great score!
I have never done the C|EH but I don’t hear good things about it. That and the GPEN really don’t have any programming areas in them so if you are interested in code I wouldn’t put those at the top of your list. The OSCP does cover some coding but it’s quite basic, so if you are a developer you would probably breeze through the coding parts of this course.
Have you considered doing one of the OWASP secure coding courses? This link is a bit old but it shows some of the courses they offer (http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference_Training)
Thanks Damian
Hi damian,
I am confused between CEH & GWAPT. I am a Software Test Engineer & interested in becoming a Security Tester.
Any Suggestions?
Hi Kaiser
I guess it depends on what type of software you’re testing. If you’re testing web apps then I’d certainly recommend the GWAPT. If it’s anything else I would recommend starting with the OSCP, which I have reviewed here (http://www.damiangrace.com/offensive-security-certified-professional-oscp/pentesting-with-backtrack-an-oscp-course-review/).
I wouldn’t recommend the CEH for anything as I’ve not heard anything good about it.
Good luck with whichever option you choose.
Thanks Damian….
Yeah I am going to test web apps…
Does GWAPT require training from SANS?
Yep, GWAPT is a 6 day SANS course. You can do it in person at one of their live events or a cheaper option is to do one of their online training options.
Thanks Damian
I have one year of experience in manual testing, and now I am trying to move ahead. I am in a dilemma whether to choose performance or security testing.
What kind of career scope will there be for a web app pen tester?