eWPT Certification

The eWPT evaluates an individual’s skills across various domains and objectives, certifying their mastery and understanding.

Web Application Penetration Testing Processes and Methodologies (10%)

• Accurately assess a web application based on methodological, industry-standard best practices
• Identify vulnerabilities in web applications in accordance with the OWASP Web Security Testing Guide

Information Gathering & Reconnaissance (10%)

• Extract information from websites using passive reconnaissance & OSINT techniques
• Extract information about a target organization’s domains, subdomains, and IP addresses
• Examine Web Server Metafiles for information exposure

Web Application Analysis & Inspection (10%)

• Identify the type and version of a web server technology running on a given domain
• Identify the specific technologies or frameworks being used in a web application
• Analyze the structure of web applications to identify potential attack vectors 
• Locate hidden files and directories not accessible through normal browsing 
• Identify and exploit vulnerabilities caused by the improper implementation of HTTP methods

Web Application Vulnerability Assessment (15%)

• Identify and exploit common misconfigurations in web servers
• Test web applications for default credentials and weak passwords
• Bypass weak/broken authentication mechanisms
• Identify information disclosure vulnerabilities

Web Application Security Testing (25%)

• Identify and exploit directory traversal vulnerabilities for information disclosure
• Identify and exploit file upload vulnerabilities for remote code execution
• Identify and exploit Local File Inclusion(LFI) and Remote File Inclusion(RFI) vulnerabilities
• Identify and exploit Session Management vulnerabilities
• Exploit vulnerable and outdated web application components
• Perform bruteforce attacks against login forms
• Identify and exploit command injection vulnerabilities for remote code execution

Manual Exploitation of Common Web Application Vulnerabilities (20%)

• Identify and exploit Reflected XSS vulnerabilities
• Identify and exploit Stored XSS vulnerabilities
• Identify and exploit SQL Injection vulnerabilities
• Identify and exploit vulnerabilities in content management systems
• Extract information and credentials from backend databases

Web Service Security Testing (10%)

• Identify and enumerate information from web services
• Exploit vulnerable web services

The eWPT is a certification for individuals with a basic understanding of networks, systems, and an interest in penetration testing. Anyone can attempt the certification exam; however, it is designed for:

• Junior Penetration Testers
• Web Application Penetration Testers
• Web Application Security Professionals
• Web Application Developer
• IT Professional