I finally took my eWPT exam this past weekend, so it is nice to have another cert out of the way.
While I can’t give away too much information about exam specifics, it was fairly straightforward.
To quote NovaHax on TechExams:
- Here’s an App
- Test the App
- Gain Admin Access to App
- Document all findings
The exam starts with a wildcard domain, and the goal of finding all vulns in all subdomains. I started by performing some subdomain enumeration, but I won’t get into too many details about that.
Once all the domains are found, the test becomes a standard web app pentest. Paying attention to all information gathered, as well as ALL possible avenues of exploitation, is very important.
In the end, I ended up with over 10 vulns for the entire web application and a 39-page report.
I am currently awaiting reviewer feedback on my report, but I’m fairly confident about my current status.
The reviewer has 30 business days to give feedback, but I know that my eCPPT only took about seven. I will be on vacation during the holidays, but I am hoping to know how I did before then.
This was an enjoyable cert, is relevant to my current position, and surprisingly useful (even considering my experience).
Once I return from the holidays, I plan on starting the eWPTX course.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down, he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.