+ Reply to Thread
Results 1 to 7 of 7
  1. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    36

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #1

    Question Advice on eWPT (eLearnSecurity) vs GWAPT (SANS)

    Hi everyone!

    My employer might be sending me for SANS courses in March 2018, and I have a few questions:

    1) Has anyone done eWPT (eLearnsecurity)'s course as well as GWAPT from SANS?
    2) How similar are they?
    3) Would you feel the eWPT provides a a good ramp up to the GWAPT?
    4) Or is the eWPT somewhat on a similar difficulty scale of the GWAPT?

    Let me know your thoughts and comments!

    Just a bit of background on myself, I'm currently on the Blue Team now; trying to understand and dive in to the attacks that the Red Team uses on our websites. I've never setup a website before and I'm unfamiliar with web languages. I'm trying to pick up the pace and hopefully should have a firm base of knowledge by March 2018
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    Jul 2017
    Posts
    10
    #2
    I am also really interested in the eWPT cert. Does it provide adequate technical/practical knowledge?
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    186

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #3
    If your employer is footing the bill then definitely go straight for the GWAPT. It is a pretty basic/foundational course so you do not need any pre-reqs outside of being able to read basic javascript and php. The course is designed for absolute beginners.

    I have no experience with eWPT, but there are some incredible resources for web app testing in general. Here is what I would do if you want to just do something until March:

    1. Read - The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - 2nd Edition (Don't do the labs in this book, as they are expensive and also honestly not that great compard to some of the FREE OWASP labs!) - Link
    2. Free Labs/practice - OWASP Mutillidae 2 (This is FANTASTIC! Plus they give you hints if/when needed and there are even step by step videos for the common vulnerabilities especially everything on the OWASP Top 10.) - Link
    3. Free labs #2 - OWASP Juice Shop is also great if you are itching for more after Mutillidae - Link

    After that, you will be plenty ready for the GWAPT. :c)
    Last edited by ZzBloopzZ; 10-16-2017 at 07:05 PM.
    Reply With Quote Quote  

  5. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    875

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #4
    +1 for the The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - awesome book that covers just about everything you'll learn studying for the GWAPT or eWPT at a heck of a bargain price!

    +2 for Mutillidae (free) to practice the skills from the book you just bought, above

    Those are the cheap and easy ways to do it without any formalized instructions processes that cost a heck of a lot more
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    May 2013
    Posts
    1,207

    Certifications
    GWAPT, GSEC, Associate of (ISC)2, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #5
    Webgoat and DVWA are two additional practice resources similar to Mutullidae.
    Reply With Quote Quote  

  7. Member
    Join Date
    Feb 2016
    Location
    OKC
    Posts
    88

    Certifications
    A+ CE, Security+ CE, GSEC, GCIH
    #6
    Just want to add another resource. This VM has several broken web applications all in one easy-to-load image. Mutillidae, DVWA, some broken web games, broken Wordpress, plus many more. I'm currently using it with the web portion of the ELS PTP course, and hoping to go to training for GWAPT next spring.

    https://www.owasp.org/index.php/OWAS...ations_Project
    Reply With Quote Quote  

  8. Member
    Join Date
    May 2013
    Location
    Singapore
    Posts
    36

    Certifications
    Network+, MTA 98-349, MTA 98-365, SSCP, CHFI, eJPT
    #7
    ZzBloopzZ, 636-555-3226, TechGuru80, globalenjoi

    Thanks so much for the advice; I'll work on the VMs and definitely get the Web Application Hacker's Handbook. It just so happens to be in stock and on sale this weekend.

    It's definitely a sign that I should carry on
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks