Recommendations & Review of eWPTXv2

Hi everyone!

As can be understood from the title; This article will include my review of the eWPTXv2 certification process and my recommendations based on my preparation process. Before going into details, there is one point I would like to point out; The biggest reason why I am writing about this certification process is that there are not “enough” resources on the internet regarding the relevant certificate. Therefore, before entering the details, I would like to thank the people who guide me by writing a review for this certificate — by shooting a video.

Review

You can obtain the eWPTXv2 certificate in two ways; by taking the certification exam without the training (only by getting the voucher code) or by taking the certification exam by taking the training. If you have a certain level of experience in the field of web application security, if you have actively pentested for web applications, I think you can pass the certification exam directly without training (only by getting a voucher code) and be successful. However, if you do not have sufficient knowledge in this field or you know partially in theory but have never applied or applied but if you are not familiar with bypassing techniques, I recommend you to prepare for the certification exam by taking the training, because the documents are both instructive and aim to prepare you directly for the certification exam. If you are careful, you will realize that this training gives you the fish at some points while teaching you how to fish, as I mentioned in my eMAPT review. 🤓

In general about the eWPTXv2 process; I think the documents are of high quality and efficient. My views on documents, training laboratory, and exam laboratory are as follows;

  • I think that the training documents are of good quality and offer sufficient content within the scope of the exam.
  • Within the scope of training preparation, I think that there are good scenarios in the laboratory environment, but the lab environment is not stable.
  • I can say that the exam scenarios are successful, but the laboratory environment offered for the exam is not stable either. This can be frustrating during the exam. You should adjust your psychology with this situation in mind.

The last information I will convey within the scope of the review; After applying for the certification process, you must take the exam within six months. If you have a certain level of background to enter this certification exam, I think that a month and a half will be enough for you to focus on only education issues, and to work in a planned and regular manner.

However, if you do not have enough experience, you should consider this time as x2. I recommend that you learn about the vulnerabilities in detail based on the cause and effect relationship.

Preparation

Roadmap

  • As I mentioned above, if you have sufficient experience in this field, you can take the exam by focusing on the topics within the scope of the training, taking your bypassing notes, and getting your voucher code.
  • If you do not have enough knowledge and experience in this field, I would definitely recommend you to take the training. You can complete your process in the most efficient way by reading the documents, getting support from the videos where necessary, and doing the labs. These will be enough to get the certificate. At the same time, if you do not have a general experience within the scope of web application penetration tests, it would be better to take eWPT training first.

Useful Resources

Under this title; There are resources where you can learn detailed information about web application security, eWPTXv2, and more, lab environments with vulnerabilities where you can reinforce by applying the techniques you have learned, and cheat sheets prepared in this area. I hope you find them useful too.

There is one point I would like to point out, especially under this title; Regardless of your experience range, I highly recommend PortSwigger Academy, among the above-mentioned resources, in terms of the quality content it offers.🔥

Another point I would like to point out is; In our globalizing world, web application security is of great importance for the security of both institutions and individuals. This importance is increasing day by day. There are many resources in this area where you can improve yourself. The resources I have chosen above will both support your process within the scope of this certificate training and contribute to your development independently of the certificate.👩🏻‍💻

Exam

Details

First of all, I would like to give brief information about the exam process;

  • Exam: It takes a total of 14 days, including 7 days of exam + 7 days of reporting.
  • The exam offers a simulated penetration testing environment.
  • The exam aims to present a real-life scenario.
  • They expect you to find as many vulnerabilities as you can during the exam. However, first, the minimum requirements that you must meet during the exam are specified. You should definitely complete these.😈
  • You will learn a lot during the exam preparation stage as well as during the exam.

Tips and Tricks

  • As I mentioned in my eMAPT certificate review, the first and perhaps the only sentence you should not forget; is “Nothing is asked of you that you have not been taught.” Therefore, adjust your perspective accordingly and do not worry unnecessarily, do not focus on the wrong points.👻
  • You tried to exploit the “X” vulnerability during the exam, but it didn’t work, and if you’re sure about the payload you sent, don’t forget to restart the lab environment. As I mentioned, the environment in which the exam scenario takes place is not stable.🥺
  • Do not forget to take screenshots with proof of the vulnerabilities you detected during the exam. This is important for the report you will present at the end of the exam.
  • Make sure that the report you submit at the end of the exam is as expected from you. As a result, all the vulnerabilities you detect during the exam will be included in this report. As a pentester, you will perform a web application penetration test on a company whose scope is communicated to you. As a result, the clearer the report you present, the better it will be for you. This is also important in real life. After all, you don’t want to describe a great success as a failure, do you?
  • You can create the generic content in your exam report by using the resources given under the “Useful Resources” above: vulnerability description, references, solution suggestions, etc.
  • The time offered for this exam (7 days) is more than enough. So don’t stress about it.
  • The exam scenario presented as I mentioned above is of high quality. Focusing on the training content and trying to identify the targets presented to you will move you forward in a short time.🎯
  • Finally, as I always say; never give up!😈🥂👩🏻‍💻

When you apply all these, you will have your eWPTXv2 certificate.🌟

View verified achievement from @eLearnSecurity;

Good luck!🥂👩🏻‍💻

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Burcu YARAR

Passionate Cyber Security Expert #member @SynackRedTeam #pentesting #cybersecurity #offensivesecurity #applicationsecurity | https://www.linkedin.com/in/brcyrr/