Conquering the SANS GWAPT Exam: A Personal Journey

This is the personal journey I'm sharing on how I managed to pass the exam. I made sure to understand the exam objectives, sections, and sub-sections, and to determine how many days I needed to prepare for the course and take the exam.

I started preparing for this exam in earnest in mid-February 2024, and I had it scheduled for April 26th, 2024. I took the On-Demand course, as it was sponsored by my previous company. With On-Demand, candidates have 120 days to finish the course and, if they choose, to take the exam.

I got 2 practice test attempts when I bought this course. They are really helpful and give you an idea of what the real exam looks like. It's a great way to test your learning. I failed my 1st practice test, scoring 50%, but on my 2nd attempt I scored 74%. The best way to score higher is to do well in the labs. I practiced every lab topic from the exam objectives twice to feel confident for the real exam. This really helped boost my confidence after failing my 1st practice attempt.

I read each question thoroughly, twice, to understand it well and answer it logically. At one point during the real exam, I found it incredibly tough to answer the questions, but I didn't want to give up. This determination somehow helped me pass the exam with 77%, which I personally consider relatively low. The MCQs were extremely tough and tested knowledge in depth. However, the labs were interesting and fun. I got all 7 labs correct, and I believe that's why I was able to pass the exam.

Below, I will list the exam objectives, exam pattern, and every module in each section. These will help you prepare better for the course and exam.

Exam Objectives:

Theory Section:

  • Web Application Overview

  • Web Application Testing Tools

  • Reconnaissance and Mapping

  • Web Application Configuration Testing

  • Web Application Session Management

  • Web Application Authentication Attacks

  • Web Application SQL Injection Attacks

  • Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack

Labs/CyberLive:

  • CyberLive GWAPT Metasploit

  • CyberLive GWAPT Fuzzing

  • CyberLive GWAPT Command Injection/File Inclusion

  • CyberLive GWAPT Authentication

  • CyberLive GWAPT SQL Injection

  • CyberLive GWAPT Spidering

Exam Pattern:

75 MCQs + 7 CyberLive Labs = 82 Questions. 180 Minutes.

Theory sub-topics listed below: 50. Lab sub-topics listed below: 28.

Section 1: Introduction & Information Gathering (Theory)

  • Web Overview

  • Application Assessment Methodologies

  • Web Application Penetration Tester Toolkit

  • Interception Proxies

  • OSINT

  • Virtual Host Discovery

  • HTTP Syntax and Semantics

  • HTTPS and Testing for Weak Ciphers

  • Target Profiling

Section 1: Introduction & Information Gathering (Labs)

  • Configuring Interception Proxies

  • Virtual Host Discovery

  • Testing HTTPS

  • Gathering Server Information

Section 2: Content Discovery, Authentication, and Session Testing (Theory)

  • Insufficient Logging & Monitoring

  • Spidering Web Applications (Crawling)

  • Forced Browsing

  • Fuzzing

  • Information Leakage

  • Authentication

  • Username Harvesting

  • Burp Intruder

  • Session Management

  • Authentication & Authorisation Bypass

  • Vulnerable Web Apps: Mutillidae

Section 2: Content Discovery, Authentication, and Session Testing (Labs)

  • Web Spidering (Crawling)

  • ZAP & ffuf Forced Browse

  • Authentication

  • Username Harvesting/Enumeration

  • Fuzzing with Burp Intruder

  • Burp Sequencer

  • Authentication Bypass

Section 3: Injection (Theory)

  • HTTP Response Security Controls

  • Command Injection

  • File Inclusion & Directory Traversal

  • Insecure Deserialisation

  • SQL Injection Primer

  • Discovering SQLi

  • Exploiting SQLi

  • SQLi Tools

Section 3: Injection (Labs)

  • Command Injection

  • Local/Remote File Inclusion

  • Insecure Deserialisation

  • Error-Based SQLi

  • sqlmap + ZAP

Section 4: XSS, SSRF, & XXE (Theory)

  • Document Object Model (DOM)

  • Cross-Site Scripting (XSS) Primer

  • XSS Impacts

  • BeEF

  • Classes of XSS

  • Discovering XSS

  • XSS Tools

  • AJAX

  • Data Attacks

  • REST & SOAP

  • Server-Side Request Forgery (SSRF)

  • XML External Entity (XXE)

Section 4: XSS, SSRF, & XXE (Labs)

  • HTML Injection

  • BeEF

  • DOM-Based XSS

  • XSS

  • Server-Side Request Forgery

  • XML External Entities (XXE)

Section 5: CSRF, Logic Flaws, & Advanced Tools (Theory)

  • Cross-Site Request Forgery

  • Logic Flaws

  • Python for Web App Pen Testers

  • WPScan and ExploitDB

  • Burp Scanner

  • Metasploit

  • Nuclei

  • When Tools Fail

  • Business of Pen-testing: Preparation

  • Business of Pen-testing: Post Assessment

Section 5: CSRF, Logic Flaws, & Advanced Tools (Labs)

  • Cross-Site Request Forgery

  • Python for Web App Pen Testers

  • WPScan and ExploitDB

  • Metasploit

  • Nuclei and Jenkins

  • When Tools Fail