This survey is a joint effort between The SANS Institute (www.sans.org), GIAC (The Global Information Assurance Certification Program, www.giac.org) and WASC (The Web Application Security Consortium, www.webappsec.org). Our goal is to gather feedback regarding typical job tasks of a web application penetration tester. The questions you will answer relate to the job task focus of a web application penetration tester. We define this role as anyone tasked with the job of testing web applications on security aspects. We consider job titles of senior QA analysts, security consultants, security testing analyst and some technical auditors as fitting in this category.