In this post I will talk about my experience with eWPTX certificate.
I did register for this course since I was looking for advanced training in Web Hacking, eWPTX was the best option out there after reading the syllabus.
Registration went smoothly, there is no waiting queue like OSCP. pay and start the course instantly!
The materials is very good and cover many topics in details. however I found it annoying that many slides contains a few line of sentences, This can be rearrange to be presented in better way. But I like the option to read the materials in many forms like PDF,HTML5 or Flash.
The materials covers XSS, CSRF, SQLi and XML attacks But what makes this course interesting is the use of evasion and obfuscation techniques to carry on a successful attacks. That’s why its important to study and focus in the first portion of the materials that talks about the different encoding used in the web.
The lab was great! well maintained with many nice feature. the lab is isolated so each student has his own scenario to test and practice. Course topics is divided in separate labs with many small tasks to be tested. Also there is a solutions provided for each labs in case student need it.
the student can start the exam at any time. I decided to start mine after 3 months of reading the materials and practicing in labs.
The exam is quite nice, You are tasked to do a black box approach for a small web app. There is no specific tasks assigned, You have to find as many vulnerabilities as you can in one week time frame.
It was a great/ frustrating experience 🙂 I kept coming to the web app every day and question everything until the last day. after that you have one week to write the report and submit it, I did write/review in 2 days.
After 3 weeks I received the pass email.
The eWPTX is a great course, I did learn many new topics like 2nd Order SQLi and make the best of Tools like SQLMap.
However I think eLs should maintain the course, many typos exists since 2014 and some of the provided solutions for labs does not work and need to be checked.
But this will not effect the course and anyone interested in advanced web hacking will find this course great.