eWPT Review
I have successfully completed the eLearnSecurity Web Application Penetration Testing (WAPT) certification, eWPT. Let me share my experience with you guys.
I purchased the INE Premium package during a discount; to be honest, it's really worth it. Keep an eye on your registered email, you may get $250 off! If you have purchased Premium, you will have complete access to all INE courses.
INE : https://ine.com/pages/elearnsecurity-pricing
Let's discuss eWPT
- Material & Labs
The eLearnSecurity course content and labs are really superb. The course breaks it down from the basics and moves on to how to attack them. Each module has corresponding videos, slides and labs with which to study and cement your learning; some of the modules are detailed and some are not, but overall it is really worth it.
Labs are primarily split into two sections, the 'lab exercises' and the 'lab challenges'. Lab exercises have step-by-step walkthroughs; lab challenges do not have any walkthroughs. I recommend you try both the lab exercises and the lab challenges. As the name suggests, the lab challenges are a bit challenging as well. Make a note of the commands used in the lab exercise walkthroughs; they will be useful during the exam for quick reference.
- Exam
First of all, it's not a CTF / MCQ exam. It's a black-box pentest, where you need to find all subdomains and all vulnerabilities of the given domain. You are required to submit a detailed pentest report as well. There are no tool restrictions; Sqlmap, Burp Suite Pro etc. are allowed. If you are planning to run an active scan, reduce the concurrent requests (an active scan is NOT REQUIRED).
We have 7 days to complete the exam and another 7 days to submit the report, which means we have plenty of time to complete the exam. The aim is to find the maximum number of vulnerabilities in the given domain and its subdomains.
“A necessary but insufficient condition to pass the exam is to log in to the Administration area as the administrator user” .
I started my exam on Sept 25th at 2:30 PM (IST). I connected to the VPN and set the DNS to access the exam environment; these details are in the exam instruction letter. I used my Kali for the exam.
I started by finding the subdomains. I used WFUZZ, Sublist3r and VirusTotal, then I used httpx and filtered my results. You need to primarily focus on the OWASP Top 10 (2017). Some vulnerabilities will affect the whole application and some will affect multiple parameters. That means even if you find one XSS or one SQLi, keep digging for more. I found around 20 vulnerabilities across the entire scope. Try to find as many as you can; it's not that hard to find these issues.
Once I found some issues, I made small notes on them, took screenshots and saved them in a Word file for reporting purposes. Finding vulnerabilities was not that hard, but writing a big report was really hard. I submitted my report on Sept 29th, and 5 days later, on Oct 4th, I got this sweet email from eLearnSecurity.
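The subdomain step above combines output from several sources (Sublist3r, WFUZZ, VirusTotal) before probing with httpx, and the one check that saves you during an exam is scope enforcement: passive sources routinely return look-alike hosts (notexample.com, example.com.evil.net) that are out of scope. The script below is an added example and not code from the original post; it merges constructed sample output from three sources, normalises each entry (case, scheme, port, path, trailing dot), keeps only the root domain and its real subdomains, and prints the deduplicated list you would pipe into httpx. "example.com" stands in for the exam target and the sample lists are made up.

```python
# Added example (not from the original post): merge subdomain candidates from
# several enumeration sources, normalise them and keep only in-scope hosts
# before handing the list to a probe such as httpx.
import re
from typing import Iterable, List, Optional

TARGET = "example.com"  # assumed scope root; the exam target goes here

# Constructed sample output, one list per source: bare hosts (Sublist3r style),
# mixed case and trailing dot (WFUZZ/DNS style), and VirusTotal style entries
# with stray whitespace, a full URL, and two out-of-scope look-alikes.
SUBLIST3R = ["www.example.com", "mail.example.com", "api.example.com"]
WFUZZ = ["dev.example.com", "WWW.example.com", "staging.example.com."]
VIRUSTOTAL = [
    "  cdn.example.com",
    "example.com",
    "example.com.evil.net",      # suffix trick: not under example.com
    "notexample.com",            # substring trick: not under example.com
    "http://blog.example.com/",
]

# RFC 1035-ish hostname: labels of 1-63 chars, no leading/trailing hyphen, <=253 total.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$"
)


def normalise(entry: str) -> Optional[str]:
    """Lower-case, strip whitespace, scheme, port, path and trailing dot.
    Returns None when what is left is not a syntactically valid hostname."""
    e = entry.strip().lower()
    e = re.sub(r"^[a-z][a-z0-9+.-]*://", "", e)  # drop "http://", "https://", ...
    e = e.split("/", 1)[0].split(":", 1)[0]      # drop path and port
    e = e.rstrip(".")                            # drop FQDN trailing dot
    return e if HOSTNAME_RE.match(e) else None


def in_scope(host: str, root: str = TARGET) -> bool:
    """True only for the root itself or a host below it on a label boundary.
    A plain substring or suffix test would accept notexample.com or
    example.com.evil.net, both of which are out of scope."""
    return host == root or host.endswith("." + root)


def merge_sources(sources: Iterable[Iterable[str]], root: str = TARGET) -> List[str]:
    """Union of all sources after normalisation, filtered to scope, sorted."""
    seen = set()
    for source in sources:
        for entry in source:
            host = normalise(entry)
            if host is not None and in_scope(host, root):
                seen.add(host)
    return sorted(seen)


if __name__ == "__main__":
    # One host per line, ready for: python3 merge.py | httpx -silent
    for h in merge_sources([SUBLIST3R, WFUZZ, VIRUSTOTAL]):
        print(h)
```

With the sample lists this yields eight hosts and silently drops the two look-alikes; in a real run you would replace the constructed lists with the files each tool wrote and keep the same scope check, since anything httpx confirms alive but outside the scope root must not be tested.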
My Report Template: https://github.com/anontuttuvenus/eWPT-Report-Template/blob/main/Report%20Template.doc
Sample Report Template TCM : https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
Some tools used in the exam:
- Sqlmap ( https://thedarksource.com/sqlmap-cheat-sheet/)
- Burp Suite ( https://cheatsheet.haax.fr/web-pentest/tools/burpsuite/)
- patator ( https://en.kali.tools/?p=147)
- WFUZZ
- ffuf (https://cheatsheet.haax.fr/web-pentest/tools/ffuf/)
- sublist3r
- virustotal
Resources:
- https://tryhackme.com/room/owaspjuiceshop
- https://tryhackme.com/room/owasptop10
- https://portswigger.net/web-security/dashboard
- https://wooly6bear.files.wordpress.com/2016/01/bwapp-tutorial.pdf
- https://www.youtube.com/watch?v=h2duGBZLEek
- https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html
Links:
eWPT Verify Link: https://www.elearnsecurity.com/certification/verify?c=b9838e64-1438-47c7-9bb8-6b5683925b9a