I can really use some input on which SANs course to pursue since I might have a chance to take one this year. GWAPT first sounded like the route I wanted to take since I work in application security and would like to up-skill in web application security as my focus. I then stumbled upon GWEB which sounds like defense web app security but with more focuses on modern frameworks and technologies like AJAX/REST/SPA. I am definitely more interested in PenTesting so I am guessing I should Pursue GWAPT but I’m worried it won’t cover areas I am currently struggling in such as heavy JS applications and REST APIs.
Or should I even dive into GCPN? I am up for suggestions since cloud is hot right now and would be useful to add with my AZ-500 experience.