eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2) Review
TL;DR: If you can do TJ Null’s OSWE box list, then you are probably good to go for the exam.
Course
The course covers a fair bit of ground and in general carries on from the eWPT. It is newer than the eWPT and covers more modern web exploits like SSTI, SSRF, etc., and I would say the course material has also increased in quality; however, compared to something like PortSwigger's web academy, it is still lagging behind. As with the eWPT, I would still highly recommend the amazing material made available by PortSwigger. For a more detailed breakdown of the different subjects covered in the course, please refer to the syllabus linked below.
The Exam
The exam for the eWPTXv2 certification requires you to perform a penetration test of several websites during a fixed time. There are many posts about the stability of the lab and how it has a tendency to crash. I did not find this to be the case during my exam (and retry); the environment was stable and no issues were observed. If you think you are experiencing some issues during the exam, it might just be the payload you are using. For some of the exploitation, I found that a very specific payload needed to be used in order to succeed. If you find something and are having issues exploiting it, try to reference the lab walkthroughs and see if that helps.
The exam spans a week for the penetration testing, and then you have another week for reporting. For the best chances of success, try to have tools and report templates ready. There are a few points during the exam which are quite tricky and require some creativity, but nothing too difficult and out of the box. If you are wondering if you are ready for the exam or just want some practice before D-Day, I would recommend that you try to do TJ Null's OSWE track and take some good notes on execution and tools used.
Other than the above, just remember to take frequent breaks. If you are stuck, take a break, go for a run, and remember that you have plenty of time and a free retry! Good luck!
Resources
- https://dsxte2q2nyjxs.cloudfront.net/Syllabus_WAPTXV2.pdf
- https://www.todosec.com/infosec/infosec-topics/boxes/htb/htb-oswe-tjnull
- https://portswigger.net/web-security