GIAC Practical Web Application Penetration Testing (GWAPT)

What is GWAPT?

The GIAC Web Application Penetration Tester (GWAPT) certification validates a practitioner’s ability to better secure organizations through penetration testing and a thorough understanding of web application security issues. GWAPT certification holders have demonstrated knowledge of web application exploits and penetration testing methodology.

Who should Attend?

This course is designed for:

  • Security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects

Why Web App Penetration Testing is essential for you?

  • Learn about Web Application Security and Penetration Testing.
  • How to discover and exploit vulnerabilities in modern network and web frameworks, technologies, and backends.
  • Perform Information Gathering to get access into clients system.
  • Use automated Web Hacking tools.
  • Learn how to conduct Web Intrusion tests.

Benefits of Web App Penetration Testing

  • Web application overview, authentication attacks, and configuration testing
  • Web application session management, SQL injection attacks, and testing tools
  • Cross site request forgery and scripting, client injection attack, reconnaissance and mapping


  • Experience with basics of Linux
  • Kali Linux

Learning objectives

The course the contents outlined below:

  • Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack: will demonstrate an understanding of Cross Site Request Forgery, Cross Site Scripting and Client Injection attacks and the tools and techniques used to discover and exploit vulnerabilities.
  • Reconnaissance and Mapping: demonstrate an understanding of the techniques used to conduct discovery, exploration and investigation of a web site and web application features such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis.
  • Web Application Authentication Attacks:will demonstrate a familiarity with the process and mechanisms used to secure web applications by authentication, how to enumerate users and how to bypass and exploit weak authentication.
  • Web Application Configuration Testing: will demonstrate a familiarity with the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a web site.
  • Web Application Overview: will demonstrate an understanding of the technologies, programming languages and structures that are involved in the construction and implementation of a web site such as HTTP, HTTPS and AJAX within the context of security, vulnerabilities and basic operation.
  • Web Application Session Management: will demonstrate an understanding of how a web application manages client sessions, tracks user activity and uses SSL/TLS in modern web communications as well as the attacks that can be leveraged against flaws in session state.
  • Web Application SQL Injection Attacks: will demonstrate a familiarity with the techniques used to audit and test the security of web applications using SQL injection attacks and how to identify SQL injection vulnerabilities in applications.
  • Web Application Testing Tools: will demonstrate an understanding of the tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX including the use of proxies, fuzzing, scripting, and attacking application logic.

Exam format

  • 75 questions
  • Time limit of 2 hours
  • Minimum Passing Score of 71%

General Information

  • Training is available in a variety of modalities including live conference training, online, and self study.
  • Practical work experience can help ensure that you have mastered the skills necessary for certification
  • College level courses or study through another program may meet the needs for mastery.
  • The procedure to contest exam results can be found at