[Cryptography] (no subject)

RB aoz.syn at gmail.com
Wed Oct 22 09:41:20 EDT 2014


On Tue, Oct 21, 2014 at 5:23 PM, William Muriithi
<william.muriithi at gmail.com> wrote:
> I believe some of the people here may have taken ‎GIAC Web Application Penetration Tester exam. Came across a link on it today at work and felt like it may be something worth looking at.

Although I'm not certain this is on-topic for the cryptography list,
I'm also mildly surprised that there's anything here I can answer.  I
don't hold the GWAPT (but know someone who just renewed), and do hold
several other SANS certs myself.

> Have just checked amazon and nothing related with that exam show up. The books from SANS seem a tad expensive. Want to check through the material and see if they are deep enough for such investment.

SANS keeps a very, very tight fist on rights to their materials, you
won't find anything secondhand or third-party unless it violates their
[extensive] licensing agreements.

> How did you guys go about that evaluation? Was the course nourishing enough intellectually for the amount of money they are asking

My evaluation was that I have never spent my own money on SANS courses
and certifications, it has always been employers'.  It is nourishing
enough if you're pretty much new to the particular discipline the
course covers, but if you have any prior experience in the field it
won't get you very far.  A personal example, GPEN - having already
participated in some red-team and CTF exercises, I learned no new
concepts (only a few specific applications of tools) from the
coursework.

I feel that as all certs become more popular and peopled, their
utilitiy ultimately wanes, and SANS is little different.  The recent
move to not publish test scores, for example, I feel reduces the value
of doing well - "they still call the C medical student 'doctor'."
However, this week I did hear that they'd made the GWAPT test
significantly harder and shorter, which may be a glimmer that they're
trying to fight the dilution effect a little.


More information about the cryptography mailing list