Looking for team training? Get a demo to see how INE can help build your dream team.
The Exam
INE Security’s eWPT is for professional-level Penetration testers that validates that the individual has the knowledge, skills, and abilities required to fulfill a role as a web application penetration tester.
This certification exam covers Web Application Penetration Testing Processes and Methodologies, Web Application Analysis and Inspection, and much more. See the Exam Objectives below for a full description.
This exam is designed to be a milestone certification for someone with foundational experience in web application penetration testing, simulating the skills utilized during a real-world engagement. This exam truly shows that the candidate has what it takes to be part of a high-performing penetration testing team.
Exam Objectives
The eWPT assesses and certifies an individual’s skills in Web Application Penetration Testing Processes and Methodologies (10%), Information Gathering & Reconnaissance (10%), Web Application Analysis & Inspection (10%), Web Application Vulnerability Assessment (15%), Web Application Security Testing (25%), Manual Exploitation of Common Web Application Vulnerabilities (20%), and Web Service Security Testing (10%), The following objectives are tested for mastery:
- Accurately assess a web application based on methodological, industry-standard best practices
- Identify vulnerabilities in web applications in accordance with the OWASP Web Security Testing Guide
- Extract information from websites using passive reconnaissance & OSINT techniques
- Extract information about a target organization’s domains, subdomains, and IP addresses
- Examine Web Server Metafiles for information exposure
- Identify the type and version of a web server technology running on a given domain
- Identify the specific technologies or frameworks being used in a web application
- Analyze the structure of web applications to identify potential attack vectors
- Locate hidden files and directories not accessible through normal browsing
- Identify and exploit vulnerabilities caused by the improper implementation of HTTP methods
- Identify and exploit common misconfigurations in web servers
- Test web applications for default credentials and weak passwords
- Bypass weak/broken authentication mechanisms
- Identify information disclosure vulnerabilities
- Identify and exploit directory traversal vulnerabilities for information disclosure
- Identify and exploit file upload vulnerabilities for remote code execution
- Identify and exploit Local File Inclusion(LFI) and Remote File Inclusion(RFI) vulnerabilities
- Identify and exploit Session Management vulnerabilities
- Exploit vulnerable and outdated web application components
- Perform bruteforce attacks against login forms
- Identify and exploit command injection vulnerabilities for remote code execution
- Identify and exploit Reflected XSS vulnerabilities
- Identify and exploit Stored XSS vulnerabilities
- Identify and exploit SQL Injection vulnerabilities
- Identify and exploit vulnerabilities in content management systems
- Extract information and credentials from backend databases
- Identify and enumerate information from web services
- Exploit vulnerable web services
Who It’s For
The eWPT is a certification for individuals with a basic understanding of networks, systems, and an interest in penetration testing. Anyone can attempt the certification exam; however, it is designed for:
- Junior Penetration Testers
- Web Application Penetration Testers
- Web Application Security Professionals
- Web Application Developer
- IT Professional
Get eWPT Certified
New to INE and INE Security?
The INE Premium subscription offers the updated Web Application Penetration Testing Professional Learning Path, built for professional-level Red Teamers with a basic understanding of penetration testing fundamentals. It prepares you to take the eWPT exam through a blend of expert-led courses and practical lab time. When you’ve completed the learning path, you’re ready for the exam!
OR