eWPT Review | Easiest way to become an eWPT.
At the first, let be know what is eWPT exam.
Is Certified web application penetration testing 100% practical exam provided from eLearnSecurity that is the most trusted IT Security training company.
What are the topics covered on exam?
Exam covering multiple web application pentesting methodologies :
- Web application analysis and inspection
- OSINT and information gathering techniques
- Vulnerability assessment of web applications
- OWASP TOP 10 2013 / OWASP Testing guide
- Manual exploitation of XSS, SQLi, web services, HTML5, LFI/RFI
- Exploit development for web environments
- Advanced Reporting skills and remediation
How is exam environment?
- It is NOT CTF based exam, it a real simulation of black box Penetration Testing engagement, so you will need to be informed that all vulnerabilities are needed to be documented.
- Therefore, The Exam is open book exam so you can search and back to your notes if you been stuck until you complete it to the fullest.
- Also, the eLearnSecurity Support team are very supportive so if there are any issue happened while exam they will easily found the solution.
- You will have 7 days for penetration testing and another 7 days for reporting and this is quite enough time to finish the exam.
- To success on the exam you will need to achive your engagement’s target but not alone, as I have mentioned, it is a real world penetration testing scenario so you will need to clarify all vulnerabilities on the system and reporting them with clear steps to reproduce and PoCs.
How I completed the exam?
I started my engagement on Sunday 2AM with some issues on my Exam environment, so I wasted a lot of time on troubleshooting And finally it became completely clear to me to start at 6AM, So I decided to chill to take some rest and sleep so that I can start quietly without tension.
You need to know that you should prepare all needed tools after starting the exam So that you don’t waste time downloading the tools you need while you’re taking the exam
At 4 PM, I back to hacking, so I starting with mapping all target system’s areas including all subdomains and analysis all applications behavior.
By 7 PM, I draw my mind map to this system so I can hack into it and achieve the target. And for knowledge, you will need only vulnerability to break your ice wall. Once this is achieved, you will feel that you have everything under control, so take your time so that you can put your thoughts in order.
By 3 am, I found that I was going to crash with all those these screenshots and PoCs so I decided to rearrange all my findings for the closest format of the report.
I used CherryTree for this porpose and by 5 AM I found myself on dejavu because of bad sleep so I decided to back to sleep and return in the morning to RIP this shit :D.
At 11 AM I returned to hacking and by 2 PM I found all the results on the system, I was bug away from the target and I have been stucked for awhile because of another connection issue.
After some time I solved the issue and back to the exam to achieve the target by 9 PM, So i decided to take little break and re-review the exam again to make sure that there is nothing not covered in my PoCs and some tries to chaining some vulnerabilities and enhance the PoCs for the reporting phase.
At Wednesday, I finished my first version of report but when I re-reviewed it I found that it not profissional enough. So, lets start to view some example reports templates to choose the best templates.
I found this Report is most clean report to explaining my PoCs on it. With some editing on it, I could to achieve the best shape of my report and by Thursday I submitted my baby to eLearn to assess it.
By Tuesday when I was checking my email I found that I became an eWPTv1 🍾 🙌 🎉
What is the best material for eWPT?
- INE is the key, they providing the best topics, references, videos and laps that will help you in your journey.
- PWST (Practical Web Security and Testing) By Michael Taggart is very sufficient to bypass this exam.
- PortSwigger Academy for Laps and articals it the best reference will help you to gain more experience from real scenarios.
- Your Notes. I used tools such as Notion and Obsidian while studying and this notes are really saved my a$$ multiple time.
In the end, the real challenge in this exam is your confidence in yourself and your belief that you are able to do it because it really does not require super effort and some reporting skills will help you :D
Those references will help you to write powerfull report:
- https://www.hackthebox.com/blog/penetration-testing-reports-template-and-guide
- https://brightsec.com/blog/penetration-testing-report/
- https://www.youtube.com/watch?v=J34DnrX7dTo
I wish you all success guys :)
