
7/9/22, 6:33 PM eWPT Review.

I have successfully completed… | by Anon Tuttu Venus | Medium

Anon Tuttu Venus

Oct 18, 2021 · 3 min read

eWPT Review
I have successfully completed the eLearnSecurity Web Application Penetration Testing
(WAPT) certification. Let me share my experience with you guys.

I purchased the INE Premium package during a discount; to be honest, it's really worth
it. Keep an eye on your registered email, you may get 250$ OFF!! If you have
purchased Premium, you will have complete access to all INE courses.

INE : https://ine.com/pages/elearnsecurity-pricing

Let’s discuss eWPT

Material & Labs

eLearnSecurity course content and labs are really superb. The course really breaks it
down from the basics and moves to how to attack them. Each module has
corresponding videos, slides and labs with which to study and cement your learning.
Some of the modules are detailed and some are not, but overall it's really worth it.

Labs are primarily split into two sections, the ‘lab exercises’ and the ‘lab challenges’.
Lab exercises have step-by-step walkthroughs & lab challenges do not have any
walkthroughs. I recommend you try out both lab exercises and lab challenges. As the
name suggests, lab challenges are a bit challenging as well. Make a note of the commands
used in the lab exercise walkthroughs, which will be useful during the exam for quick
reference.

Exam

First of all, it's not a CTF / MCQ exam. It's a black box pentest, where you need to
find all subdomains and all vulnerabilities of the given domain. You are required to submit
a detailed pentest report as well. There are no tool restrictions; Sqlmap, Burp Suite Pro,
etc. are allowed. If you are planning to run an active scan, reduce the concurrent requests
(Active Scan is NOT REQUIRED).

We have 7 days to complete the exam and another 7 days to submit the report, which
means we have plenty of time to complete the exam. The aim is to find the maximum number of
vulnerabilities in the given domain & its subdomains.

“A necessary but insufficient condition to pass the exam is to log in to the
Administration area as the administrator user”.

I started my exam on Sept 25th at 2:30 PM (IST). I connected to the VPN & set the DNS
to access the exam environment; these details are in the exam instruction letter.
I used my Kali for the exam.

I started by finding the subdomains. I used WFUZZ, Sublist3r & VirusTotal, then
I used httpx and filtered my results. You need to primarily focus on the OWASP Top 10
(2017). Some vulnerabilities affect the whole application and some of them
affect multiple parameters. That means even if you got 1 XSS or 1 SQLi,
keep digging for more. I found around 20 vulnerabilities for the entire scope. Try to
find as many as you can; it's not that hard to find these issues. Once I found some issues,
I made small notes on those issues, took screenshots and saved them in a Word file for
reporting purposes. Finding vulnerabilities was not that hard, but making a big report
was really hard. I submitted my report on Sept 29th and after 5 days, on Oct 4th, I
got this sweet email from eLearnSecurity.

My Report Template: https://github.com/anontuttuvenus/eWPT-Report-Template/blob/main/Report%20Template.doc

Sample Report Template TCM: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report

Some Tools Used in Exam:

Sqlmap (https://thedarksource.com/sqlmap-cheat-sheet/)

Burp Suite (https://cheatsheet.haax.fr/web-pentest/tools/burpsuite/)

patator (https://en.kali.tools/?p=147)

WFUZZ

ffuf (https://cheatsheet.haax.fr/web-pentest/tools/ffuf/)

sublist3r

virustotal

Resources:

https://tryhackme.com/room/owaspjuiceshop

https://tryhackme.com/room/owasptop10

https://portswigger.net/web-security/dashboard

https://wooly6bear.files.wordpress.com/2016/01/bwapp-tutorial.pdf

https://www.youtube.com/watch?v=h2duGBZLEek

https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html

Links:

eWPT Verify Link: https://www.elearnsecurity.com/certification/verify?c=b9838e64-1438-47c7-9bb8-6b5683925b9a

Github: https://github.com/anontuttuvenus

Linkedin: https://www.linkedin.com/in/anontuttuvenus/