eWPT Certification

eLearnSecurity Web application Penetration Tester



The eLearnSecurity Web Application Penetration Tester certification assesses a cyber security professional’s web application penetration testing skills. The exam is a skills-based test that requires candidates to perform a real-world web app pentesting simulation.


Here are some of the ways eLearnSecurity Web application Penetration Tester certification is different from conventional certifications:

  • Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a corporate network. This penetration test is modeled after a real-world scenario.
  • Not only will you deploy multiple methodologies to conduct a thorough penetration test, you must also write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.
  • Only individuals who provide proof of their findings in addition to writing a commercial-grade penetration testing report that correctly identifies the weaknesses in this “engagement” are awarded the eWPTv1 Certification.
Knowledge Domains

By obtaining the eWPT, your skills in the following areas will be assessed and certified:

  • Penetration testing processes and methodologies
  • Web application analysis and inspection
  • OSINT and information gathering techniques
  • Vulnerability assessment of web applications
  • OWASP TOP 10 2013 / OWASP Testing guide
  • Manual exploitation of XSS, SQLi, web services, HTML5, LFI/RFI
  • Exploit development for web environments
  • Advanced Reporting skills and remediation

The eWPT certifies pentesters that possess a highly technical knowledge of web application security. Anyone can attempt the certification exam, however the candidate needs the following skills to pass:

  • Letters of engagement and the basics related to a penetration testing engagement
  • Web application standards and protocols
  • Functional and infrastructural analysis on web applications
  • Vulnerability assessment of web applications
  • Manual exploitation of web applications
  • Ability to perform post-exploitation techniques
  • Outstanding reporting skills
The exam

eLearnSecurity’s eWPT is the only certification for Web Application Penetration testers that evaluates your ability to attack your target and provide thorough professional documentation and recommendation.

The candidate will receive a real-world engagement within INE’s Virtual Lab environment. You will need an Internet connection and VPN software in order to carry out this exam.

Certification Process

There are two ways to become an eWPTv1:

1. Purchase an INE subscription and enroll in the Web Application Penetration Tester Professional learning path.

The Web Application Penetration Tester Professional learning path takes you from a basic-intermediate understanding of web application penetration testing to a professional level.

The learning path prepares you for the eWPT exam with theory courses and hands-on practical labs similar to the final exam.


2. Attempting the certification without training

Candidates that feel prepared to demonstrate their practical and professional skills can purchase an eWPT voucher and go through the certification process at their own risk.

Whether you are attempting the eWPTv1 certification exam on your own or after having attended one of our approved training courses, you will need to follow these steps to get a certificate:

Whether you are attempting the certification exam on your own or after completing one of our approved learning paths, you will need to purchase an exam voucher before you can start your certification process. Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials, and any other materials related to the certification process.

Regular vouchers expire after 180 days from purchase.

Before the certification expires, you will have to begin the certification process by clicking on “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.

Once you click on the “Begin certification process” button, you will receive an email with instructions regarding the scope of engagement. This letter will contain everything you need to know to take your exam.

Once you have completed the exam portion, it’s time to finalize your report. This should be a commercial grade report proving all of your findings and providing remediation steps for your client. You must submit your report within 14 days from the beginning of the certification process (step 2), in PDF format for review.

You are awarded the certification after an eLearnSecurity instructor carefully reviews your findings and deems your work sufficient. Should you fail the first attempt, you will receive valuable feedback from our instructors. You will then have one free attempt to re-take the certification.

This exam is manually graded. Once submitted, it may take up to 30 days to receive your results.