eWPTXv2, fun learning experience with a sprinkle of crazy

Hola muchachos! as I recently passed my eWPTXv2 — Web application Penetration testing eXtreme from eLearnSecurity recently, I figured that I’d write a review on a thing or two I worked with to prepare for this exam as I didn’t have the luxury to study it via their course and lab

Before going into the review, I would definitely like to point out this exam is probably one of the best black-box penetration testing related exams out there for web security, and I do hope this review answers many questions for you in regards to figure out if this certification is worth it or not.

I would also like to mention, it might be really difficult to cope up with this exam directly if you are not a seasoned web application penetration tester, as there is many things in it that could be learnt easier via INE labs respective to their courses.

eWPTXv2 exam preparation

After completing my eCPPT and OSCP last year, I was very much interested in diving into web security and a friend of mine suggested a pretty great career path for a penetration tester, which stood out of me as I could personally relate to that path so I wanted to dedicate the whole of 2021 on web security from A-Z.

I had the option to take eWPT before eWPTX but as the prices were the same for their exam voucher, I figured it’ll be easier and more adventurous to cover up web security from scratch and directly go for the kill which was eWPTX. I probably wouldn’t recommend this unless you’re strapped for cash lol — and well the general gist of learning is to learn at your pace and understand the concept for yourself, so if you think eWPT can help you with it, you should and in overall INE eLearnSecurity does a great job in how they provide courses and their labs for it anyways so that’s an option too!

After reading their syllabus on eLearnSecurity website for eWPTX which was:

1. Penetration testing processes and methodologies
2. Web application analysis and inspection
3. Advanced Reporting skills and Remediation
4. Advanced knowledge and abilities to bypass basics advanced XSS, SQLi, etc. filters
5. Advanced knowledge of different Database Management Systems
6. Ability to create custom exploits when the modern tools fail

I covered up the topics that I probably wanna know and be versed at by using PortSwigger academy learning path to aid me for this exam. It is definitely hands down, one of the best free learning materials out there on the interwebs, nothing but praises. You learn alot from each topic based on OWASP top 10 and it contains dedicated lab environments to put what you learnt to test.

I put great interest on selected topics on PortSwigger based on other reviews on eWPTX by people who have completed the certification before, which were:

1. SQL Injection
2. Authentication
3. Directory traversal
4. Command Injection
5. Information Disclosure
6. Access Control
7. Server-side request forgery (SSRF)
8. XXE Injection
9. Cross-site Scripting (XSS)
10. Cross-site request forgery (CSRF)
11. Server-side template injection (SSTI)
12. Insecure deserialization

I would say it took me roughly 4 months to complete most of these labs and learning material, and for every lab I completed, I would write down some notes in my CherryTree together with some cheatsheets that can aid me during exams like payloads etc etc.

Ding ding ding! Exam time

The exam is really tough, there’s no doubt on that. My opinion can vary, and well it all depends how good you are in this field right? For the first few hours I was pretty overwhelmed as web security was nothing I have completed or trained on except for Portswigger labs, but after reading the engagement letter and also enumerating the domains slowly, I got into the rhythm and started taking notes on anything I see as low hanging fruits or has a potential attack vector so I can head back to it later on.

Typically you should really know your stuff and make sure how every vulnerability occurs and is exploited and also how to bypass filters. Even-though this exam gives you the opportunity to go with any tools you desire, I figured and would advise, manual exploitation works best as you have the full control of what you are doing and changes can be made to best fit how the application responds.

Without spoiling further, cause that’ll be a bummer, I would mention you really want to keep your eyes peeled on how the application works in the first place. While the application environment is not so big, there is alot of hidden hole exploit vectors within it which is really cool, so big props to eLearnSecurity for that!

As this exam is 7 days to hack and 7 days to report, which is pretty cool, it helps alot with your comfort and also aids you to revisit things with ample of time. It took me roughly 4 days to complete this exam and meet few core requirements of the exam that were mentioned on the engagement letter and 1 full day to complete my report.

Outro

There is really nothing much I can complain about this exam, everything during the exam was really deemed extreme in my opinion and it was crazy fun.

During the exam you get 5 resets every 24 hours, and this might get a bit frustrating if you’re not a person of zen :D as unfortunately, some of the attacks you do, kinda breaks the application and makes it really unstable which forces you to reset the environment again and again and this might get a bit problematic but that’s why you are given 7 days I guess!

Overall, I think this exam is a beast and the learning curve is great as it offers for you to explore not just web security for the sake of it, but also feel comfortable to try out other things like bug bounties.

I definitely will recommend this course if you are seeking for that next step in your journey after network penetration testing or your interest is in exploring web security.

What’s next for me, since I’m currently on rangeforce OWASP top10 battlepath, I would like to learn how to conduct white-box testing and dip my hands in OSWE later this year. Till then adios!, and I hope this post answers some of your nerdy questions :D

References: Portswigger