Hello community! ๐ Today, i'm excited to share my experience diving into web application security through the eWPTv2 (Web Application Penetration Tester) certification. Let's dive into the journey and explore valuable resources.
ยฟWhats is eWPTv2?
According to INE ,"eWPTv2 is a hands-on, professional-level Red Team certification that simulates skills utilized during real-world engagements." The exam lasts 10 hours, featuring 50 questions. You don't have to submit a report; just answer the questions.
The course
It's a meticulously crafted curriculum covering a broad spectrum of web application security topics. From identifying vulnerabilities to conducting penetration tests, eWPTv2 ensures a comprehensive but not overly advanced knowledge. I highly recommend taking the course led by Alexis Ahmed before attempting the exam. This course provides the necessary tools not only to pass the certification but also to perform penetration testing at a professional level or to venture into the world of Bug Bounty.
The topics covered include:
- An introduction to Web Application Security testing, covering everything from the HTTP protocol to OWASP Top Ten and its Open Web Security Testing Guide.
- Web Enumeration and Information gathering.
- Burpsuite and OWASP ZAP.
- XSS
- SQLinjection
- Broken Authentication
- Session Security
- Cross-Site Request Forgery
- Command Injection
- Arbitrary File Upload Vulnerabilities
- Path Traversal
- LFI / RFI
- Web Services
- Security Testing CMS
Resources
If you prefer free resources or those from other platforms for additional learning and practice, here's a list of resources I used for extra preparation:
From Hack The Box
From Vulnhub
Open Source
- OWASP Mutillidae II
- bWAPP (Buggy Web Application)
- Damn Vulnerable NodeJS Application
- Vulnerable Bank
For Learning
Ready to fortify your skills and unlock new possibilities in web security? Dive into the world of eWPTv2 and let's secure the future together! ๐ป๐
Top comments (1)
Great Job!