Rising to the Challenge: Navigating the eJPTv2 to eWPTv2 Certification Journey

Jinendar Kothari
Jan 4, 2024


Hello, dear readers!

Firstly, I’d like to extend my warmest wishes for a Happy New Year 2024! May this year overflow with joy, growth opportunities, and treasured moments that linger as cherished memories. Here’s to a year filled with success, robust health, and the courage to seize every opportunity this new chapter brings.

Img: New year resolution

Following my eJPTv2 certification, I set out with hopes of securing a job. However, despite my efforts, I couldn’t land one. Undeterred, I decided to channel my time into learning about web application penetration testing. That’s when I discovered the potential of the eWPTv2 certification in enriching my expertise in web app penetration testing.

Another compelling reason for choosing this certification was its instructor, Alexis Ahmed, who is one of the industry’s finest instructors, making this course an invaluable learning experience.

In this blog, I will be sharing my personal experience throughout this journey and offering insights on how you can embark on and achieve your own eWPTv2 certification.

Img: eJPT to eWPT

Introduction

The eWPT certification is a hands-on, professional-level Red Team certification designed to replicate the skills required in real-world engagements.

This certification exam encompasses Web Application Penetration Testing Processes, Methodologies, Web Application Analysis, Inspection, and a wide array of comprehensive topics.

This certification exam is a practical, skill-based assessment that requires candidates to perform a real-world Web Application Penetration Test in a lab environment and is designed to assess and validate an individual’s skills and abilities in identifying and exploiting security vulnerabilities within modern web applications.

I acquired the certification voucher bundled with a three-month premium subscription, granting me complete access to the entire INE academy.

img: Bundle eWPT + 3 month premium

This subscription specifically provided access to the Web Application Penetration Testing professional learning path, essential for successfully attaining this certification.

img: Web application penetration testing professional

The course material was about 106 hours in total, comprising 10 courses, 58 labs and 126 quizzes to validate your skills and learning.

My Journey from eJPTv2 to eWPTv2

At the beginning of the course, there was a significant emphasis on theory as understanding the fundamentals of web applications is crucial prior to engaging in penetration testing.

Img: Theory is important

Although it has significantly more content than the eJPT course material, I believe this learning path is ideal for individuals seeking to begin their journey in web application pentesting. It provides a robust foundation, equipping learners to venture into bug bounty programs, CTFs, and further explore the realm of web application pentesting.

The course encompasses a wide range of topics, starting from the fundamentals of HTTP/S, covering web proxies like Burp Suite and ZAP, addressing XSS and SQL injection attacks, and delving into JavaScript basics. Additionally, it extends to the testing of web services and CMS. In summary, the course offers comprehensive coverage across various areas, ensuring a thorough learning experience.

It took me approximately 2 months to complete the course material, supplemented by additional practice on TryHackMe rooms and machines for further reinforcement. The course already covers everything you need to pass the certification but I recommend several TryHackMe paths and rooms that could complement your learning journey in this course.

While not essential, they offer supplementary knowledge, which never hurts, right?

Learning Paths:

  1. Web Fundamentals

Practice Rooms:

  1. Juice Shop
  2. WebGoat
  3. Mutillidae 2
  4. NahamStore
  5. The Marketplace

While some individuals suggest exploring PortSwigger Academy and their labs as they are considered top-notch resources for learning web app pentesting, I personally feel it might be excessive. Nonetheless, engaging with the academy could significantly enhance your knowledge arsenal, should you choose to pursue it.

It was quite a roller coaster journey for me, considering my lack of prior knowledge about web application penetration testing. I began by delving into web fundamentals on TryHackMe, aiming to grasp the basics of web applications and comprehend how the web operates. Subsequently, I progressed through the comprehensive course material, which equips you with all the essentials required for a successful web application penetration test.

After intensive study sessions and practice, I felt well-prepared for the exam.

Exam Time

Before taking the exam, I meticulously reviewed the exam guidelines and my notes to ensure I covered all necessary aspects. It’s important to note that unlike the eJPT, this exam spans 10 hours and comprises 50 questions, demanding a swift and efficient approach.

The exam environment mirrors a web application pentest scenario. Within the allotted 10-hour window, you’ll assess applications within the defined scope and address 50 questions. To pass, an overall score of 75% or higher is required.

This exam differs from the typical CTF style; success hinges on your ability to identify vulnerabilities and thoroughly evaluate encountered applications.

This certification challenges you to break out of your comfort zone, prompting in-depth research and the identification and exploitation of vulnerabilities.

After submitting my answers, the moment arrived to receive the results, and thankfully, I passed.

Final Thoughts

If you’re keen on mastering web application penetration testing while gaining practical experience, this certification is a worthwhile pursuit. It stands at an intermediate to professional level, making it beneficial to first explore introductory courses and certifications.

The complete exam bundle costs approximately $599, which can be a significant investment. Staying updated with INE’s announcements for promotional offers and discounts could be advantageous. Note that the standalone certification voucher is exclusively available to individuals with a premium subscription.

It’s important to highlight that this certification has a three-year validity. Currently, there’s uncertainty regarding the renewal process — whether through a reexamination or through Continuing Professional Education (CPE). I’ll keep you updated on any developments in this regard.

However, like any certification, it’s essential to supplement it with ongoing learning and practical experience to excel in the field.

Feel free to reach out to me on my social media accounts if you have any questions:

  1. LinkedIn
  2. Twitter

If you’ve found value in this blog post, expressing your support with a “clap” would be greatly appreciated.

Additionally, if you’re keen on furthering your cybersecurity knowledge, consider following me for more insights and learning opportunities.

Additional Resources

  1. PayloadsAllTheThings
  2. Hacker101 CTF
  3. XSS cheat sheet
  4. Damn Vulnerable Web Application (DVWA)
