On the request of some people I thought of writing a small review for this course and certificate. The course is WAPTx – Web Application Penetration Testing eXtreme. The certificate is eWPTX – eLearnSecurity Web application Penetration Tester eXtreme. Last year I completed eWPT; you can check that post here.
This course is very up to date compared to other web application penetration testing courses. I learned many things that I didn’t know in different web application technologies. There are many languages and technologies in the world of web applications. It’s very hard to master them all. This course however covers many advanced attack methodologies.

The exam is however “hard”. No matter whether you are a web developer or a networking guy, you need to make sure you understand how each vulnerability is exploited and also how to bypass filters. You cannot just fire up a tool and expect results. Make sure you understand manual exploitation; exploitation is not always straightforward in real-world applications.

I actually loved the exam, it was a very small web app but lots of unseen holes. My experience with SQL injections came in handy in the exam 😉

If you are seeking a next-level certification in web application hacking I would recommend this course.

It was a very fast year! 2016 ended nicely as I planned. By October completed eCPPT, by November completed eCRE, by December completed eWPTX 🙂 Nothing is impossible if you try hard 😉

Thank you everyone for your feedback and messages!



  1. Wow you got three certs in three months…that’s impressive! I’m currently studying for the ECPPT and I’m a bit nervous on the system security section. The stack is a bit overwhelming. Any advice? I planned on taking the eWPT this year as well.

    • Thanks for the comment 🙂 Don’t focus too much on the low level if you are new. Just make sure you get a working exploit by understanding the basics. This is all enough for eCPPT. I would suggest you check Corelan’s tutorials if you want to dive deep. Also you should experiment on your own; the material provided by eCPPT is great to understand every concept clearly 🙂

  2. Hey there,

    I’ve just started WPTX, I love the material, I actually consider web apps to be my weakest topic because I have done so much exploit dev. I have passed OSCP, OSCE and OSWP through offensive security. These were amazing courses. Offsec have not made their web course available online yet so I am doing this in the meantime to improve my web app skills and also prepare for when I do the AWAE course through offsec.

    I have only covered about half the materials but I have already seen so many gaps in my knowledge mainly around filter bypass and WAF evasion. Makes me nervous not being familiar with these topics but also excites me because this is where you actually learn things.

    Great review, I hope I am up to the challenge of the exam when I do get around to taking it. I really want to make sure I am ready before I do though. Any advice on tackling this course/exam if coming from a heavy exploit dev background? I am fine with basic web app testing, did plenty of this in the 50+ labs in OSCP and the exam. I took this course to take my skills to the next level.

    • If you have a good background in application security in general and can understand the core of it, it won’t be hard for you 🙂 Sometimes the same principles apply everywhere 😉 Good luck with eWPTX John 🙂

  3. Hey Osanda,

    I’m trying to decide between eWPT and eWPTx. I passed my OSCP exam in March so I’m not a complete novice when it comes to Web App Pentesting. Could you give me some insight on this? Do you think I won’t miss out too much if I start with the eWPTx straight away?

