Codementor Events

How I learned eLearnSecurity Web Application Penetration Tester

Published Mar 12, 2018

About me

A qualified and proactive individual focused on growing in the field of Security Engineering. I have more than 3 years of experience in Information Security. I'm a Certified Ethical Hacker and Certified Web Application Penetration Tester.

Why I wanted to learn eLearnSecurity Web Application Penetration Tester

eLearnSecurity Web Application Penetration Tester (eWPT) is a well-structured and popular course when it comes to application security. The eWPT exam is not like other infosec certs that exist in the market. In other security certs, you can pass the exam by answering some MCQs after practicing with model papers and dumps. But here you need to do a 7-day penetration test to prove your ability to do a penetration test. Based on the reviews I read on the internet, I loved this challenge and wanted to do a "real penetration testing certification".

How I approached learning eLearnSecurity Web Application Penetration Tester

The course is well-structured and organized in a manner that a noob in this field can also learn web application security. I went through all the slides and videos provided in the course materials. I did all the labs. I got to know most of the common web application security threats and their exploitation techniques by doing the labs.

Challenges I faced

Doing the labs is not an easy task. There were some easy tasks and there were some labs that were hard to crack. I spent a lot of time and got support from the forum to complete all the labs. And the exam was quite challenging and fun at the same time. Since I followed the course thoroughly and did all my labs, I was able to crack the exam.

Key takeaways

You have to manage your time well during the exam. You have to find alternative ways rather than getting stuck at one point. This is something I learned from the exam. You have to be patient and focused at the same time to crack hard problems. There are always new threats in the application security arena. You need to stay updated. These are some of the key lessons I learned from the course apart from technical matters.

Tips and advice

Here are some tips for the exam:

* Follow the course and do all your labs.
* Spend some time and work on your recon phase.
* Don't get stuck at one point. Check other alternatives. There are multiple ways to exploit.
* Make sure to document everything and take screenshots, PoCs, Burp requests and responses, etc. as evidence.
* Pay attention to subdomain enumeration, SQLi, XSS, CSRF, password cracking, and unrestricted file uploads.
* And last but not least, try to get some rest. Don't get too stressed out. Go for a swim, watch a movie, or whatever you like. Then come back and continue with the exam.

Final thoughts and next steps

The course is not all about your skills in exploiting vulnerabilities. You have to stick to the basics and follow your rules of thumb as a pentester. I learned the overall pentesting methodologies and how to provide a client report as well.

My next plan is to complete the OSCP, which is another hard challenge for a pentester.

Discover and read more posts from Nirosh Jayaratnam