eWPT Review
Learn from my mistakes and how to pass the eWPT exam. Also some hot takes on eLearnSecurity certifications compared to other offensive security related certs.
- The Good: discusses the great aspects of INE trainings and tips on studying for the eWPT exam.
- The Bad: a critique of eLearnSecurity certifications in general, clarifying that this is a certification for knowledge more than resume prowess.
- The Ugly: The stupid mistakes I made that failed my first attempt.
The Good

The eWPT is eLearnSecurity's web application penetration testing focused certification. Compared to the OSCP, the material is slightly more in depth than what you'll learn on your typical "OSCP Journey" (offsec materials and extra stuff picked up from Hack the Box, etc.). I'm going to make a lot of comparisons to the Offensive Security Certified Professional certification as it's seen as the pentesting industry gatekeeping cert and has much industry recognition.
The INE Course
The "learning" side of eLearnSecurity is handled by a company they have partnered with called INE. The materials are fairly solid, though they are a bit dated now. They still have a course module about Flash security.
However, the biggest positive with the course is that it actually has all the information you need to pass the exam! You don't need to go to 3rd party services because the original course material isn't conclusive enough, unlike other offensive security related certifications. INE has all the information needed for someone to go from "zero-to-hero" to pass eWPT. From the basics of HTTP requests and responses to SQLi, XSS, and exploiting SOAP.
The labs are very well done. Rather than a huge, disorganized lab environment that you have to share with many other students, the eWPT labs have individual instances for each student separated by topic. For XSS you have your own environment created for exploiting XSS, for SQLi you have your own instance for exploiting SQLi. The only annoying thing is you have to re-authenticate with a different VPN certificate and credentials every time to boot up a new instance to practice in. That's better than having other people mess with your sessions though.
I highly recommend taking extensive notes and studying the course material hard. It sounds simple but that's really all you need to pass! This simplicity is a luxury that I want to stress you have. I take notes with Joplin in a FOSS setup that I'm pretty particular about. If you'd like to replicate my note taking setup, click here.
The eWPT Exam
Unlike the OSCP, the eWPT exam is not about capturing the flags off different machines. You have to write a full-fledged pentesting report complete with the executive summary, charts, vulnerability reporting and remediation reporting. You are given rules of engagement and clearly defined scope that it is possible to break and have you fail the exam over it (though this is very unlikely given my experience). You have to report every single vulnerability you find in the environment, not just the vulnerability you found that was the path to pwn admin or user or root.
Plus you are given a humane time to complete the certification (the OSCP is a 24 hour exam), 14 days, and you get more time if you fail your first report submission. For the first 7 days the exam environment is open to conduct your pentest, then you have another whole 7 days to complete the report. Plus if you fail the first exam attempt like I did, you will be given another 7 days of open lab time to find what you missed and continue writing your report.
Though it's unlikely you will need 2 weeks to complete this certification, even without previous web app pentesting experience. I found all the vulnerabilities needed to pass the exam and wrote most of the report within a few days (I left something out of the report that caused me to fail, but more on that later). Reading other people's experiences with the eWPT exam, it's not uncommon to finish in a few days.
This isn't necessarily because the exam is easy, but because eLearnSecurity's partner INE actually gives you a course that is all you need to pass the eWPT exam. Unlike the course given with OSCP, where I argue the Pentesting With Kali course is not conclusive enough to pass the exam. You still need to work hard to pass the eWPT, but you can safely focus your efforts on the course materials that come from INE.
eWPT Tips
Learn how sqlmap works! This tool is so good at automating finding SQLi and XSS vulnerabilities, it feels like cheating. Yet remember that there are no arbitrary restrictions on tools that you can use on this exam. Sqlmap was definitely the most helpful in finding vulnerabilities in the exam environment. If you take away just one thing from this post, learn how this command works:
sqlmap -r request.txt
As I've said, all the information you need is in the INE course. Just take good notes! You don't need a bunch of tricks and tips to pass.
The Bad

eLearnSecurity's exams are not proctored. The eWPT exam's material is not randomized (to my knowledge). This makes it extremely easy to cheat on this exam. Be it reading someone else's writeup, collaborating with someone on the exam, or just flat out having someone else take the exam for you. I don't condone any of this, but as long as people can cheat so easily, this dramatically hurts the reputation of eLearnSecurity certifications.
The training provided by INE for the eWPT exam is solid. Yet as long as eLearnSecurity's easy-to-cheat exam system persists they will never hold the same regard as Offensive Security or SANS certs do in the cyber security industry. Offensive Security's certifications had a large cheating problem even with proctoring and changing the exam materials regularly. The mere potential of cheating hurts eLearnSecurity certifications' integrity.
From anecdotal experience, no HR department or recruiter that I've asked knows about eLearnSecurity. The eWPT is not a cert you get as an HR bypass like OSCP or CISSP. Granted, there are some job postings that ask for it and more technical recruiters will recognize it. This is a certification you pursue more for the knowledge gained from the course itself. You could take the INE course without touching the eWPT certification, but then you'd be throwing away your INE $200 off an eLearnSecurity cert voucher.
The Ugly

I made some pretty silly mistakes on my eWPT exam attempt that essentially cost me an extra couple of weeks just waiting for the exam results. What cost all this time was the fact that I left something absolutely essential out of my exam report out of sheer negligence. I forgot to include the most severe part of the penetration test in the report. This resulted in me failing my first report submission.
This is a matter of not thoroughly checking the notes you've taken during the penetration test against the test report itself. When you begin the eWPT exam, you are given a letter that tells you the scope, rules of engagement, and explicitly spells out this "most severe part" that is necessary for passing the exam. Be sure to read this document thoroughly, as it's very easy to skim it over and miss extremely important details needed to pass the exam.
It's advertised by eLearnSecurity that you get feedback on your exam report submissions. It is a selling point of theirs. I imagined that there would be some extensive notes and feedback on my exam attempt, maybe even some help on how to properly format a pretty pentest report, especially since it took nearly 2 weeks for them to fail my first exam report. But no, there was only a single line of feedback saying that I didn't include the "most severe part" in my report.
As for writing the report itself, I decided to start learning how LaTeX works. Writing my OSCP lab and exam reports in Libre Office was such a pain in the ass. I highly recommend learning LaTeX, it makes reports look effortlessly pretty. I used this template:
It's not exactly clear how conclusive of a report you need to write to pass the exam. According to the eLearnSecurity eWPT forums, mods have said that you need to have every single vulnerability that is present in scope documented in your report in order to pass. Yet at the same time "they won't fail you for something small". I can't be sure I passed finding every single vulnerability possible, but I am sure you need that "most severe part" or else your exam attempt is doomed.
I will give you one more tip: the part that is most important to pass is done by using a combination of a few different topics within the INE course. So again, study hard!





