The latest articles on DEV Community by ngbonzini (@ngbonzini). https://dev.to/ngbonzini https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F508944%2Fc31f8072-02e3-4f43-81ee-62366ba13f4d.jpg https://dev.to/ngbonzini en ngbonzini Tue, 30 Jan 2024 18:23:51 +0000 https://dev.to/ngbonzini/fast-dive-into-ewptv2-1k7i https://dev.to/ngbonzini/fast-dive-into-ewptv2-1k7i <p>Hello community! 👋 Today, i'm excited to share my experience diving into web application security through the eWPTv2 (Web Application Penetration Tester) certification. Let's dive into the journey and explore valuable resources.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facq0vr2esp3u0hihda3o.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facq0vr2esp3u0hihda3o.png" alt="Badge" width="400" height="400"></a></p> <h4> ¿Whats is eWPTv2? </h4> <p>According to <a href="https://security.ine.com/certifications/ewpt-certification/"><strong>INE</strong></a> ,"eWPTv2 is a hands-on, professional-level Red Team certification that simulates skills utilized during real-world engagements." The exam lasts 10 hours, featuring 50 questions. You don't have to submit a report; just answer the questions.</p> <h4> The course </h4> <p>It's a meticulously crafted curriculum covering a broad spectrum of web application security topics. From identifying vulnerabilities to conducting penetration tests, eWPTv2 ensures a comprehensive but not overly advanced knowledge. I highly recommend taking the course led by Alexis Ahmed before attempting the exam. This course provides the necessary tools not only to pass the certification but also to perform penetration testing at a professional level or to venture into the world of Bug Bounty.</p> <p>The topics covered include:</p> <ul> <li>An introduction to Web Application Security testing, covering everything from the HTTP protocol to <a href="https://owasp.org/Top10/">OWASP Top</a> Ten and its <a href="https://github.com/OWASP/wstg/tree/master/checklists">Open Web Security Testing Guide</a>.</li> <li>Web Enumeration and Information gathering.</li> <li> <a href="https://portswigger.net/burp">Burpsuite</a> and <a href="https://www.zaproxy.org/">OWASP ZAP</a>.</li> <li>XSS</li> <li>SQLinjection</li> <li>Broken Authentication</li> <li>Session Security</li> <li>Cross-Site Request Forgery</li> <li>Command Injection</li> <li>Arbitrary File Upload Vulnerabilities</li> <li>Path Traversal</li> <li>LFI / RFI</li> <li>Web Services</li> <li>Security Testing CMS</li> </ul> <h3> Resources </h3> <p>If you prefer free resources or those from other platforms for additional learning and practice, here's a list of resources I used for extra preparation:</p> <p><em><strong>From Hack The Box</strong></em></p> <ul> <li><a href="https://www.hackthebox.com/machines/backend">Backend</a></li> <li><a href="https://www.hackthebox.com/machines/jerry">Jerry</a></li> <li><a href="https://www.hackthebox.com/machines/curling">Curling</a></li> <li><a href="https://www.hackthebox.com/machines/opensource">OpenSource</a></li> <li><a href="https://www.hackthebox.com/machines/secnotes">SecNotes</a></li> <li><a href="https://www.hackthebox.com/machines/mentor">Mentor</a></li> <li><a href="https://www.hackthebox.com/machines/apocalyst">Apocalyst</a></li> </ul> <p><em><strong>From Vulnhub</strong></em></p> <ul> <li><a href="https://www.vulnhub.com/entry/dc-32,312/">DC_3</a></li> </ul> <p><strong><em>Open Source</em></strong></p> <ul> <li><a href="https://tryhackme.com/room/owaspmutillidae">OWASP Mutillidae II</a></li> <li><a href="http://www.itsecgames.com/index.htm">bWAPP (Buggy Web Application)</a></li> <li><a href="https://github.com/appsecco/dvna">Damn Vulnerable NodeJS Application</a></li> <li><a href="https://github.com/valtterikodisto/vulnerable-bank">Vulnerable Bank</a></li> </ul> <p><strong><em>For Learning</em></strong></p> <ul> <li><a href="https://academy.hackthebox.com/path/preview/bug-bounty-hunter">Bug Boutny Hunter from HTB</a></li> <li><a href="https://portswigger.net/web-security">PortSwigger</a></li> <li><a href="https://www.hackerone.com/hackers/hacker101">HackerOne</a></li> </ul> <p>Ready to fortify your skills and unlock new possibilities in web security? Dive into the world of eWPTv2 and let's secure the future together! 💻🔒</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp2drg9vrc6l7850rydk2.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp2drg9vrc6l7850rydk2.jpg" alt="Certification" width="800" height="618"></a></p> security development cybersecurity web