by So happy that I’ve obtained a GIAC Certified Web Application Defender (GWEB) certification that demonstrates know-how on the subject of developing secure web apps!
Well it was a rainy weekend with nothing better to do than study (hard of course). Had 6 books with subjects ranging from input validation to authentication, architecture, tokens and many more. The course is very extensive and although many of the topics were quite known to me, obtaining this certification really allowed me to understand better the dynamics of web apps with their vulnerabilities.
Why a GIAC certification
My current role at the company requires my full attention to build, test and optimize secure web apps which help in detecting different types of attacks and provide reports on that. Being cyber security oriented, it was only natural to chose GIAC because of their expertise and going beyond terminology with practical exercises and many more.
There is a lot of information in their course which is useful these days having in mind that attackers can be more and more creative with their tactics hence you need to be prepared for any scenario.
Still, as far as I remember in the course, there is no mention of DoS attacks or many new types which can be found here. I would expect such a course to be regularly updated.
How hard was the exam
The exam itself is very thorough meaning that you will be pushed to face real world scenarios and act accordingly. Your theory should be very solid as well. It’s not an easy feat given the fact that terminology is a challenge. To pass the exam, you also need to know a couple of attacks which are extremely hard to replicate in practice.
Luckily, you are allowed with your course material in the exam room. Still, you have to know what kind of topic is where, so you don’t waste much time shuffling.
I want to say that even though they allow materials inside the exam room, this will not guarantee that you’ll pass!
What I expect in the future
Building secure apps requires commitment it’s no hit and run scenario here. As technologies are constantly evolving, many vulnerabilities potentially pop up requiring you to be up to date. Many of the risks cannot be 100% mitigated but you can reach a comfortable score by employing several defenses.
Check out my Microsoft certification here!
In any case, I’m now more aware of the implications of releasing new functionalities which may contain vulnerable dependencies, I’m more reserved when it comes to perform drastic code or architecture changes. And security is a big concern even for developers. Processes should be adapted by organizations to take into serious consideration the cyber security threats, as the costs of not doing so can be extremely high.
An old saying says: better safe than sorry!
Take care!
