Review: AppSec Pentesting eXpert (CAPenX) from The SecOps Group

I discovered The SecOps Group and their certifications about a month ago, just as they were launching the CAPenX certification. They were offering a great deal, so after researching the SecOps Group further, I decided to give it a try, expecting a challenging experience. It certainly lived up to that expectation.

Certified AppSec Pentesting eXpert (CAPenX) is an expert-level exam to test a candidate’s knowledge of the core concepts involving application security. Candidates must be able to demonstrate practical knowledge to conduct an application pentest to pass this exam.

Although they recommend a minimum of five years of professional pentesting or bug-bounty experience, I managed to pass with just two years of part-time bug bounty experience.

I’m a self-taught PHP/Python developer and bug bounty hunter. While I don’t compare myself to full-time developers, I have a solid understanding of frameworks and languages, and I can definitely code and read proficiently. I’ve been involved in bug bounty hunting for about two years, and what started as a passion has recently become my full-time job.

I went into the exam feeling confident in my bug bounty skills, so I didn’t do any specific preparation. In hindsight, that was a mistake. I strongly recommend spending some time preparing before taking on this challenge. Resources like PortSwigger and CTFs from platforms like Hack The Box and TryHackMe are invaluable. They help develop the CTF mindset, which is essential for this exam and something I hadn’t fully anticipated.

The exam is an intense, seven-hour practical test that requires you to solve various challenges and capture flags. Each challenge awards a certain number of points, and these points accumulate towards your final score. To earn the certification, you need at least a 60% passing score, which was my goal going into the exam.

I achieved a passing score of 61% with three hours remaining on the clock. Unable to solve the remaining challenges, I decided to end the exam at that point, knowing that a pass is a pass regardless of the final score.

Coming from the bug bounty world, I approached the exam with a logical mindset rather than a CTF-focused one. This led me to overlook certain vulnerabilities that seemed unrealistic from a real-world developer perspective. This was my biggest mistake. Some challenges featured vulnerabilities that wouldn’t typically occur in practical scenarios, but developers can sometimes make unexpected errors. It’s crucial to be prepared for anything in this exam.

Most of the challenges are realistic and require advanced exploitation techniques, making them quite enjoyable. Initially, I thought the challenges were easy, but I quickly realized I was mistaken. I encountered numerous dead ends, took the wrong paths several times, and wasted time on the wrong aspects. If this happens to you, I recommend moving on to the next challenge and returning later with a fresh perspective.

The challenges are highly advanced, often requiring extensive out-of-the-box thinking. For each challenge, I suggest taking notes and continuously asking yourself, “How can I achieve this? What vulnerabilities could lead to the flag?” With some trial and error, you’ll eventually succeed.

I cannot emphasize this enough: nothing in these challenges is straightforward. Simply pasting payloads and running automated scanners won’t get you anywhere. You’ll need to write your own payloads multiple times, observe how the server reacts, and go through a lot of trial and error.

The AppSec Pentesting eXpert (CAPenX) certification from The SecOps Group truly lives up to its “eXpert” level designation. It’s definitely worth pursuing if you find it priced under £250. With some prior preparation or if SecOps Group certifications become more recognized by employers, it would even be worth the full price of £400.

Best of luck on the exam, and I hope to see you again soon.

BugCrowd: https://bugcrowd.com/Polyxena

Linkedin: https://www.linkedin.com/in/fuleki-ioan-503007268/