eWPT to eWPTX Certified in 45 days (without INE labs) — Exam Review and Tips

In this article, I am going to provide feedback and helpful tips for the exam. This review is not endorsed or sponsored by anyone, so I will be providing honest feedback from the examinee/student perspective.

TL;DR — I was able to utilize significantly cheaper training methods such as DVWA, TryHackMe, HackTheBox, OWASP Juice Shop, and TCM Security while the INE labs were being improved. The alternate lab environments enabled me to obtain the web application certifications from eLearnSecurity. These exams are fair and directly align with fundamental and advanced AppSec training.

The official training for all eLearnSecurity exams is provided via the subscription to INE’s Cybersecurity Pathway. The practical training needed to pass the exams is provided via labs, videos, and slideshows. The pre-built tools necessary to pass are also referenced multiple times throughout the course material. More advanced testing may require custom payloads, but the training and references needed to study are also provided.

The exams cost $200-$400 depending on membership (50% off) and exam type. The training always seemed a bit expensive at over $700, but discounted sales are frequent and the current partnership with Pentester Academy is highly enticing for me.

Build and test your machine first: All training will be provided but the test (attack) machine for exams will

Install-as-you-train: The courses provide a list of references and resources that indicate the tools to be installed on your local machine for the exam. Install tools as needed and keep configurations and versioning in mind; modern tools may not match the testing environment/application.

These are practical penetration testing exams: This means that the desired result can’t be achieved without the required hands-on skillset. Keep in mind that you have to use your own machine to conduct testing, so make sure to practice the methods discussed in your own lab environment.

Expect to learn while testing: The INE training course covers all areas needed for the exam but can’t teach individual creativity. These exams simulate black-box penetration testing and there are several resources/methods that can be used for success.

Get some rest: These exams both have an allotted time of 7 days for testing, followed by 7 days for reporting. After the first 7 days you will no longer have VPN access to the exam environment and will only have access to submit a report. This is more than enough time to get the job done, as it has been done by hundreds before you. In order to avoid sleep-deprivation-induced failures, you have the ability to try again the next day or even step away without getting terminated from the exam. This realistic exam format taught me that a little rest or even a short break can go a long way during penetration testing.

Ask questions or find a study partner: There are several ways to find the answer to questions you may have while training. The most dependable resource for me was the Unofficial INE Discord server. Whatever your preference is for finding answers to in-depth questions, make sure to only ask questions that are related to the learning material or labs. Asking exam-related questions will violate the terms of the exams.

Don’t overthink it: The reports I submitted for these exams were not the best reports on the planet. They did get the point across in an organized manner to demonstrate mastery and understanding to the examiner while maintaining a tester-to-client point-of-view. Keep in mind that this POV is to be consistent throughout reporting, so over-explaining will make the reports too long. Avoid this by filtering out unnecessary chatter in your report. There is also a report file size limit, so filter through important screenshot attachments as well and avoid unnecessary HD screenshots.

Have a little fun: There are no restrictions on tools that can be used. This is the part where anyone can be creative as needed with their learning to demonstrate proficiency.

While I was training and testing, the lab environments provided were being revamped. This was a slight inconvenience but did not affect exploitation and the ability to repeat prior proof-of-concepts (PoCs) for the exam and available labs.

Almost every connectivity issue was resolved by doing the following:

Step 1. Disconnect VPN Client

Step 2. Reconnect and review/verify new IP address

Step 3. If all else fails or you can’t seem to get anything to display the desired result, reset the lab (up to 4 times/day) and try testing the findings again.

Note: This means you may have to update the IP address within any tools in use. If this causes any confusion or frustration, then this is a good time to research how DHCP works!

eWPT Training

Once I started studying the material within INE’s WAPT course, I realized some of it was a bit outdated, but the methods presented in the course are still effective today for Application Security Testing. This was understood a bit more as I went through the course, along with the discussed vulnerability scenarios from PortSwigger’s Web Security Academy and other OWASP Top 10 lists.

Training for this exam gave me a foundational understanding of report writing for penetration testing. The course gives a template for report writing but there isn’t any format that is required. The general recommendation for reporting is that you cover the necessary details in the report with a severity, technical description, proof-of-concept and a working mitigation strategy for each finding.

The online lab environments were undergoing maintenance, but this did not stop me from being able to train on other platforms. In summary, you need to be able to demonstrate fundamental expertise in finding OWASP Top 10 vulnerabilities along with a professionally written report. Training will be provided for all of the areas required to pass the exam.

According to the eLearnSecurity overview, the eWPTv1 exam will assess your knowledge in the domains of:

Penetration testing processes and methodologies

Web application analysis and inspection

OSINT and information gathering techniques

Vulnerability assessment of web applications

OWASP TOP 10 2013 / OWASP Testing guide

Manual exploitation of XSS, SQLi, web services, HTML5, LFI/RFI

Exploit development for web environments

Advanced Reporting skills and remediation

Attention to Detail: The overview states that you will be assessed on OWASP Top 10 2013 list for this exam version. If you prefer to train on advanced/modern methods, then move on to the eWPTXv2, since there aren’t any mandatory prerequisites to take the training/exam.

The eWPT Exam Experience

This was my first penetration test with reporting so the final clarity I needed for success wasn’t understood until my second attempt due to my own mistakes. The exam reviewer was very helpful in pointing out flaws in my report in the same way a client would during a technical presentation. The feedback on the report and the free retake was available as soon as I reviewed their feedback. I was able to address mistakes in my report with new PoCs and submit the passing 30-page report for the exam.

The WAPTX training path from INE was very beneficial for me. I was able to learn a lot of information in a short amount of time due to a smooth flow from the eWPT certification. The INE labs for this course were completely unavailable when I was training. Using PortSwigger’s material to get a better understanding of the advanced methods was the first alternative for training during the time that INE was rebuilding labs. I was also able to set up a local DVWA and OWASP Juice Shop instance to get a better understanding of finding these vulnerabilities within hardened instances.

According to the eLearnSecurity overview, the eWPTXv2 exam will assess your knowledge in the domains of:

Penetration testing processes and methodologies

Web application analysis and inspection

Advanced Reporting skills and Remediation

Advanced knowledge and abilities to bypass basics advanced XSS, SQLi, etc. filters

Advanced knowledge of different Database Management Systems

Ability to create custom exploits when the modern tools fail

The eWPTX Exam Experience

I was able to pursue this exam with a fresh learning flow from the previous WAPT course. This transition into the next training course was planned due to some conveniently allocated training time at work.

The exam environment seemed a lot more stable when I took the eWPTX exam. INE was making changes to their infrastructure throughout my entire studies, but the exam environment was almost perfect this time around.

Exploiting vulnerabilities within this path required more advanced methods such as filter bypass and other defense evasion techniques. It seemed that this training path was a bit vaguer in comparison to the eWPT exam and training. This exam required advanced methods, so apparently this means that the exact answer can’t be found in the training material. I found myself learning a lot of new things during the exam itself.

After all, I have no solid complaints after sitting for these exams because black-box penetration testing is designed for learning things along the way, which I enjoy. After dealing with minor issues and slightly outdated material, I still recommend these courses and exams for anyone that is interested in Web Application security. They are aligned well for those seeking a learning experience that sets the practical foundation for a career in AppSec.
