eWPT Certification

Hi… I am getting ready for the eWPT exam. Just wondering… in the knowledge domains it is written: Manual exploitation of XSS, SQLi, web services, HTML5, LFI/RFI … what about Clickjacking, etc.? Some of them need user interaction. Are they going to be tested on the actual exam?
Another question: is it going to be a pen test of an application only, or the whole, quote: ‘actual penetration test on a corporate network’?
Or will I have an application to test, only an application…?
Regards… Marcin

When you start the exam, you will receive the Letter of Engagement with scope details.
The exam is a Black Box Web Application Penetration Test. You are required to perform an extensive penetration test on all the hosts, domains and subdomains in scope and report any vulnerability + exploits.

Also the penetration test is modeled after a real-world scenario and the exam simulates active users browsing and working on the web application. So manual exploitation methods could be a possibility.

Also take extra care on reporting. The report should be decent and fulfill all the scope objectives.

Good luck @marcin.kosiorek-cc88

I am just wondering…
So is the exam more focused on a web application pen test or an extensive pen test of all hosts…?
If the web app is tested, how can I test, let's say… whether the web app is vulnerable to ‘clickjacking’…?
This needs user interaction… How can I test this…?
I would just like to know whether the exam is ‘pushed’ more towards an extensive pen test of all hosts or an extensive web app test?
Regards Marcin

It is a web app test. If you think it is vulnerable to clickjacking, then you can do it yourself and show that if any users were to do this, then yes, it would be a vulnerability.