📝eWPTv2
INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes
INE Security’s eWPT is for professional-level Penetration testers that validates that the individual has the knowledge, skills, and abilities required to fulfill a role as a web application penetration tester.
This certification exam covers Web Application Penetration Testing Processes and Methodologies, Web Application Analysis and Inspection, and much more. See the Exam Objectives below for a full description.
This exam is designed to be a milestone certification for someone with foundational experience in web application penetration testing, simulating the skills utilized during a real-world engagement. This exam truly shows that the candidate has what it takes to be part of a high-performing penetration testing team.
Course duration & Topics ⏳📚
~ 106 hours (10 courses , 175 videos, 126 quizzes, 58 labs)
Web Proxies ~ 12 hours
Cross-Site Scripting (XSS) ~ 9 hours
SQL Injection (SQLi) ~ 17 hours
Common Attacks ~ 12 hours
File & Resource Attacks & Web Service Security Testing ~ 11 hours + 5 hours
CMS Pentesting ~ 9 hours
Encoding, Filtering & Evasion ~ 8 hours
🛣️ RoadMap / Exam Preparation 🧑🏻🏫
E-Links 🔗📔
Where to find the Web Application Penetration Tester course? - INE Learning Paths
Where to find the eWPTv2 certification exam? - eWPT
Training and Labs
eWPT Exam 📄🖊️
Exam Type: Multiple-choice quiz (throught lab environment)
Time limit: 10 hours
Expiration date: 3 years
Objectives:
Web Application Penetration Testing Processes and Methodologies (10%)
Accurately assess a web application based on methodological, industry-standard best practices
Identify vulnerabilities in web applications in accordance with the OWASP Web Security Testing Guide
Information Gathering & Reconnaissance (10%)
Extract information from websites using passive reconnaissance & OSINT techniques
Extract information about a target organization’s domains, subdomains, and IP addresses
Examine Web Server Metafiles for information exposure
Web Application Analysis & Inspection (10%)
Identify the type and version of a web server technology running on a given domain
Identify the specific technologies or frameworks being used in a web application
Analyze the structure of web applications to identify potential attack vectors
Locate hidden files and directories not accessible through normal browsing
Identify and exploit vulnerabilities caused by the improper implementation of HTTP methods
Web Application Vulnerability Assessment (15%)
Identify and exploit common misconfigurations in web servers
Test web applications for default credentials and weak passwords
Bypass weak/broken authentication mechanisms
Identify information disclosure vulnerabilities
Web Application Security Testing (25%)
Identify and exploit directory traversal vulnerabilities for information disclosure
Identify and exploit file upload vulnerabilities for remote code execution
Identify and exploit Local File Inclusion(LFI) and Remote File Inclusion(RFI) vulnerabilities
Identify and exploit Session Management vulnerabilities
Exploit vulnerable and outdated web application components
Perform bruteforce attacks against login forms
Identify and exploit command injection vulnerabilities for remote code execution
Manual Exploitation of Common Web Application Vulnerabilities (20%)
Identify and exploit Reflected XSS vulnerabilities
Identify and exploit Stored XSS vulnerabilities
Identify and exploit SQL Injection vulnerabilities
Identify and exploit vulnerabilities in content management systems
Extract information and credentials from backend databases
Web Service Security Testing (10%)
Identify and enumerate information from web services
Exploit vulnerable web services
Resources 📑📘
Last updated