Study Guide for the eWPTX Exam
Let’s Start
The eWPTX (Web application Penetration Tester eXtreme) certification is one of the most challenging and recognized in the field of security. It is designed to assess and validate skills in web application penetration testing. To learn more about it, here is the link to the official site.
To achieve this certification, I have compiled a list of study resources and HackTheBox machines that can be used alongside the course provided by INE.
Resources
Deserialization
- HTB — Introduction to Deserialization Attacks
- HTB — Advanced Deserialization Attacks
- PortSwigger — Deserialization
Server-Side Request Forgery (SSRF)
- PortSwigger — SSRF
- HTB — Server-Side Attacks
Server-Side Template Injection (SSTI)
- PortSwigger — SSTI
- HTB — Server-Side Attacks
XXE (XML External Entity)
- PortSwigger — XXE
- HTB — Web Attacks
SQL Injection
- PortSwigger — SQL Injection
- HTB — SQL Injection Fundamentals
- HTB — SQLMap Essentials
Cross-Site Scripting (XSS)
- PortSwigger — XSS
- HTB — Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
- PortSwigger — CSRF
- HTB — Advanced XSS and CSRF Exploitation
HackTheBox machines
Practice is essential to pass the eWPTX certification. Here’s a list of HackTheBox machines that will help you sharpen your skills:
- Arkham
- NodeBlog
- BountyHunter
- RedPanda
- PopCorn
- GoodGames
- Pandora
- Trick
- Love
- Sau
- Forge
- SecNotes
Additional resources
Beyond the resources listed above, these links may also be useful:
- PortSwigger — Information Disclosure
- HTB — JavaScript Deobfuscation
- Omar Palomino’s playlist.
Conclusion
Achieving the eWPTX certification requires dedication and practice. Use these study resources and HackTheBox machines to prepare thoroughly. With proper preparation and a good methodology, you will be well on your way.
Good luck on your journey to the eWPTX! If you have any additional questions or need more resources, don’t hesitate to ask. 👨‍💻😉