Passing the GIAC Web App Pentester Cert (GWAPT)

I recently took the Global Information Assurance Certification (GIAC) Web Application Penetration Tester (GWAPT) exam and passed with an 86%. I was shooting for a 90+, but given that I was finishing my Master's program Capstone and balancing work and family life, I'm happy with my results. This marks my 3rd certification through GIAC, so I wanted to write down my thoughts on GIAC exams in general and how I study for them to pass on the first try. I've taken the Penetration Tester Cert (GPEN), Certified Forensics Analyst (GCFA), and now the GWAPT too.

All GIAC certifications are linked to a SANS course, and the questions are centered around the material taught in these courses. I took the Web Application Penetration Testing & Ethical Hacking course (SEC542) back in December; see my detailed post about that here. The notes that I take during each day of the course also help in studying; these were things that I thought were interesting or wanted to make sure I would remember.

My method of studying for certs may not be for everyone, but this is what works for me. I do all of this within a two-week stretch. I also schedule my GWAPT exam for 2-3 weeks out from this point so I am motivated and hold myself accountable to get the studying done.

  1. On your commutes to and from work, listen to the course audio you get in MP3 format at least once entirely through.
  2. Read through the books entirely at least once, including the footnotes that you probably didn't read or have time to see in the course.
    1. For material that is a little more difficult, in my case SQLi, go through that a few times.
  3. Re-do the labs if possible. SEC542 labs are all self-contained on the VM they give you on the thumb drive. I re-did every single lab.
  4. Take your first practice exam without books/study aids. Ensure you turn on answers for all answered questions (option in the top right corner).
    1. Take the detailed printout at the end of the practice exam to identify your weak areas and start reviewing those materials a few times.
  5. Create your index! You can bring the books and any other hard-copy materials into the exam with you. I use @hacks4pancakes' method to build an index, which she has detailed extensively here.
  6. Take the 2nd and final practice exam when you feel you're ready; use the books and index you created and shoot for your best score. At this point you should be finishing around 80-90%. Take the detailed printout at the end and study those weak areas too.
  7. Good luck!

Lastly, don't forget to check out the preparation guide that GIAC created themselves; it has some great pointers. Found here.
