eLearnSecurity WAPTv3 Journey.

wd40

Hi.

I am starting this thread to motivate me to finish eWPT this year, I am an IT Support guy, at my current job I don't need penetration testing knowledge, and I am forbidden from trying to use any of the things that I learn.
It is a good paying job, a good team and good company, so I don't have a real incentive to try to change jobs.

I started with pen-testing study back in 2014, what I did in the last 3+ years is listed below:
Note: I like to pay for training

2014-Dec-14: Bought Penetration Testing Student V2 (49.00$)
2015-Feb-27: Bought Penetration Testing Student V3 (199.00$)
2015-July-12: Passed eJPT v3 (0.00$)
2015-June-30: Bought Web Application Penetration Testing V2 Elite (719.40$)
2016-June-30: Bought Penetration Testing Professional v4 Elite (699.30$)
2017-June-28: eWAPT Lab expired, I bought a 60 Hours extension (249.00$)
2018-May-23: Bought Penetration Testing Professional v5 Elite upgrade (519.60$)
2018-Aug-31: Bought Web Application Penetration Testing V3 Elite upgrade (359.70$)

So in total I paid eLearnSecurity 2,795.00$ in 3 years and only have eJPT, this must change.

wd40

I Finished Unit 1 (Penetration Testing Process) Good general information in that Unit.

I finished reading Unit 2 (Introduction) and watched the videos, now I am stuck in the LAB.
It is a little bit frustrating, the Videos are too old referring to Iceweasle (now firefox) and old Firefox plugin FireBug, old versions of Burp Suite and OWASP Zap.

So, instead of progressing I need to look for ways to do the lab using the updated versions of the tools.

I will write Back after finishing the Labs with hints on how to use the updated versions of the tools.

MalwareMike

I've spent quite that amount of money but I definitely have a few courses with them and haven't finished them...I've barely touched them.

chrisone

If you don't want to feel the sting of paying for something you haven't gotten around to accomplishing yet, I would recommend to make sure you are putting these expenses on your taxes. You should be putting the books and courses you spend for ANY IT related training, on your taxes. I can't believe I went years! without doing this! I plan on getting some type of reimbursement from the government this year as well! I have been doing it for the past 3 years now ....stupid me , but I get it back during taxes now.

MalwareMike

chrisone wrote: »

If you don't want to feel the sting of paying for something you haven't gotten around to accomplishing yet, I would recommend to make sure you are putting these expenses on your taxes. You should be putting the books and courses you spend for ANY IT related training, on your taxes. I can't believe I went years! without doing this! I plan on getting some type of reimbursement from the government this year as well! I have been doing it for the past 3 years now ....stupid me , but I get it back during taxes now.

Do you have any links to exactly what you are referring to?

JoJoCal19

*Disclaimer: Not legal or accounting advice

https://smallbusiness.chron.com/training-costs-tax-deductible-43461.html If the training helps you sustain or grow in your current role, you can include it in your taxes it seems. The deduction is not refundable it seems, but reduces your taxable income.

FluffyBunny

JoJoCal19 wrote: »

*Disclaimer: Not legal or accounting advice

https://smallbusiness.chron.com/training-costs-tax-deductible-43461.html If the training helps you sustain or grow in your current role, you can include it in your taxes it seems. The deduction is not refundable it seems, but reduces your taxable income.

Of course, that excludes any training and certs paid for by your employer.

#StatingTheObvious

chrisone

Good luck on the WAPTv3 course, it looks good. I bought the upgrade myself but won't be doing it until late 2019 once SLAE and OSCE is done.

Khohezion

I know that feeling for the second lab. Working on it myself. But I'm dodging Hurricanes where I live so I cannot focus too much time on it...

wd40

Thanks chrisone and good luck to you.

I just finished the LAB for Unit 2.

First, Firebug is no longer available, Firefox Developers tools can be used instead, link below is for good documentation on Mozilla Developer Network to show how to use them.

To view cookies "Network" tab can be used, but to manage cookies you will need to go to the Toolbox options and enable the "Storage" Tab.

https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector

For Burp Suite, and ZAP, you might need to change the ports from default 8080, if other services are using them on your PC port 8080 will not work, so I made Burp 8081 and ZAP 8082.

Also for OWASP ZAP the two arrow used to control the breakpoints are replaced with a single green circle in the same location.

Next, I will go through a free 2 Hours Burp Suite course on udemy.

https://www.udemy.com/burp-suite/

Test_student

Hi WD40, have you had a chance to compare the WAPTv2 and v3 material?

I saw that they added two extra modules but otherwise the syllabus looked the same, I'm just wondering if they updated the course material for v3 or it's the same as v2?

Thanks for the link to the free Udemy Burp course!

wd40

Hi Test_student,

As per eLearnSecurity the courses are identical, with the exception of the added modules in v3, so no need to waste time in comparing them.

I just finished the Burp Suite course and highly recommend it, I had to download virtual box (which is really easy in Linux), learned about WebGoat and had a small tip about xss.

I bought the instructor's other course for 10$ "he sends a coupon after you complete the free course".
https://www.udemy.com/webhacking/

Next: I will start with module 3 and go through the udemy course.

MalwareMike

wd40 wrote: »

Hi Test_student,

As per eLearnSecurity the courses are identical, with the exception of the added modules in v3, so no need to waste time in comparing them.

I just finished the Burp Suite course and highly recommend it, I had to download virtual box (which is really easy in Linux), learned about WebGoat and had a small tip about xss.

I bought the instructor's other course for 10$ "he sends a coupon after you complete the free course".
https://www.udemy.com/webhacking/

Next: I will start with module 3 and go through the udemy course.

They still had firebug in the v3 material? That shows you they didn't update the material...now im annoyed I bought V3.

Test_student

Hi WD40,

Thanks for the quick response. It looks like I saved $359 then, good to know!

I'm signing up for the Udemy course later today, thanks again for the info.

Khohezion

MalwareMike wrote: »

They still had firebug in the v3 material? That shows you they didn't update the material...now im annoyed I bought V3.

The slides are updated. But the video that came with the slides is not. Can confirm I am on that section now.

wd40

MalwareMike, I am more annoyed by the annoying music that plays at the start of every Video, Just finish the course maybe the extra modules are worth the 359$, plus if you fail twice you still have two attempts from the V2 course.

I just noticed that you only have 2 attempts for this, maybe because the exam did not change, for eCPPT there are 2 different exams (Gold and V2 hence the 4 attempts)

Aah, I hit edit instead of quote and deleted my post ... I am not typing it again ...

wd40

I finished the Lab, it took 25 minutes, I remember doing it 3 years ago when I bought the course .

Next: Unit 4

Skyyyyy2001

Can I check are there any links or references to say that we are entitled to more than 1 attempt for the exam for WAPT and ECPPT?

wd40

Here

https://www.elearnsecurity.com/certification/ewpt/process

One of our instructors will carefully review your report and if your findings and the quality of the report is deemed sufficient to pass the exam, you will become an eWPTv1.Should you fail the first attempt, the instructor will provide you with valuable feedback. Armed with this information you will have a free retake to be used within 7 days to upload a new report.The retake time window will begin from the moment you review the examiner's feedback. During this period the exam lab network will be re-opened for further tests. In any case a new report should be uploaded no later than 14 days from the date you receive the first attempt results by email.

Skyyyyy2001

Beautiful. Thanks so much!

bedpankh

Hi, 
I have enrolled myself in WAPT v3 myself, want to share lab experiences? it would really help me to have someone to discuss them with, otherwise i dont understand if i am doing them right or not. :P