Cracking eWPTX!! – My Review

Hi all, it’s been two months without any update on the blog. Uff!! Job, personal projects, eWPTX, all ate up my time. Because of many requests from my friends and well-wishers, I am writing this post to share my journey in achieving eWPTX.

I will follow the format of Cracking OSCP and give my answers to frequently asked questions.

What is eWPTX?

eWPTX is a certification offered by eLearnSecurity. It is a certification to prove your skills in advanced web application penetration testing (black box). You can either opt for the exam alone or take the relevant training course, named WAPTX. The course covers encodings, basic evasions of Web Application Firewalls, bypassing XSS filters, advanced CSRF, HTML5 attacks, advanced SQL injections (MySQL, Oracle, MSSQL) and XML attacks.

How is it different from OSCP?

OSCP, offered by Offensive Security, deals with the overall penetration testing of the given target. Even though it contains scenarios in lab machines where you exploit website vulnerabilities, it doesn’t cover much of application security issues. OSCP’s exam style is more of a CTF combined with a report, whereas the eWPTX exam mimics the process of a professional service to a client, from getting the scope of a target to delivering the report in a commercial-grade manner, and reporting all the security issues ranging from high to low in a single web application.

Do I have to do eWPT?

Okay, eWPT is said to be the prequel to eWPTX. eWPT covers all the vulnerabilities in web application security. This course is extensive for people who want to start in web application hacking. Whether to do eWPT before eWPTX is relative and subjective. Please go through the syllabus for both courses before you decide. Note that getting eWPTX certified doesn’t make you well versed in web application hacking. eWPTX helps with bypassing firewalls, advanced exploitation and obfuscation, whereas eWPT focuses on vulnerabilities that are present in web applications.

How is the WAPTX course?

The WAPTX course content is awesome and unique. Please find the syllabus here.

The course starts with the basics of encoding, covering URL encoding and HTML encoding. It explains how regular expressions are used as filters. The Evasion chapter teaches you how to bypass firewalls using the encoding concepts and how to overcome regular expression filters. One can also learn more about payload obfuscation by learning how obfuscation works in JavaScript and PHP. The cross-site scripting chapters cover the topic in detail, explaining how different types of XSS work and how to create your own payload that can bypass firewalls. The succeeding chapter explains how to use XSS to perform different types of attacks such as network attacks, phishing and keylogging. The CSRF chapter stresses how developers implement poor anti-CSRF protections and how to exploit such scenarios. The HTML5 Attacks chapter starts with the basics of HTML5 and moves on to various security headers and how they can be bypassed. The SQL Injection chapter is the one I liked the most. It explains how different DBMSs (MySQL, MSSQL, Oracle) work and how they respond to different attack scenarios. XML attacks is a fun chapter that helps you learn about XXE, XEE attacks etc.

Yes, the course is more about bypasses and advanced concepts that help in the discovery or exploitation of vulnerabilities.

What was your learning process?

  • I went through the syllabus of WAPT and noted topics that I had to learn, such as XPATH vulnerabilities.
  • I went through the Web Application Hacker’s Handbook once.
  • I registered for the WAPTX course.
  • I would first go through the chapter contents, then watch the related videos and try to do the labs myself.
  • I would go through the chapter again whenever I hit a roadblock in the labs. If I still wasn’t successful, I would refer to the solutions.
  • But I made a point of Googling similar situations in CTF writeups, bug bounty writeups or any related theory.

How was my eWPTX exam?

In the exam, I was provided with a web application target and was asked to pentest it in seven days. Furthermore, seven days are provided to submit a professional report with all the security issues found, with PoCs of their exploitation. The exam was fun, but it was pretty easy if you have understood the concepts in WAPTX. The best part is that the exam is prepared in such a manner that one need not be absent from work. Fun fact: I wrote my first report on web application penetration testing during this exam.

Further Plans?

eMAPT, eWDP

4 thoughts on “Cracking eWPTX!! – My Review”

  1. Hey PK,
    Nice review. Looks like a decent course to me. I’m wondering whether I should take the web defense course or this one.

    As always, will wait for your further blog post.

    1. The Web Defense course is a very good course. I am planning to take that too. It requires coding skills. It is most beneficial for security analysts who do static code analysis and work in product companies.

      Btw, thanks for the feedback.
