What is the exam about, and why did you decide to take it?

1. The exam is one hundred percent practical. The goal is to find all
   vulnerabilities (focused on web ones) in a scope delivered in a
   letter of engagement. eLearnSecurity says that the evaluation of the
   test is mainly based on the submitted report, which corresponds to a
   document with the highest quality. In it, the tester must sort,
   classify, and detail the vulnerabilities found.

2. The laboratory where the test is done is available for seven days
   from the start of the exam. You have an additional fourteen days to
   submit the report.

3. As a tip, it is crucial to understand the scope of the delivered
   document and what it implies (do not try anything different from
   that scope). In fact, eWPTv1 tests the abilities and knowledge that
   we achieve in Fluid Attacks. As a read team member, we manually
   search vulnerabilities in a defined target, though we usually
   support that searching with different types of tools.

Since this test is not multiple-choice questions but involves “to
perform an actual penetration test,” was
the exam preparation different from other exams you have taken?

1. My best preparation was my experience doing pentesting in Fluid Attacks.

That means you did not prepare yourself with the course given by
INE? (Considering that INE “is the premier provider of Technical
Training for the IT industry” and owner
of eLearn Security.)

1. I didn’t prepare with the INE.

How did you know you were ready to take the exam?

1. I did not know that. I took the eWPT test to learn about the type of
   eLearnSecurity exams, and it was a pleasant surprise to find that
   the experience gained at Fluid Attacks was enough to earn the
   certification.

What should we expect from the report that needs to be done as part of
the test?
How did you approach it?

1. The report must be of the best quality. There it would help if you
   described every vulnerability found in the evaluation target. You
   must include screenshots and evidence of exploitation of
   vulnerabilities and impacts obtained.

Tell us a little about your experience at the time of the exam.

1. The scan started on May 31, 2021, and I found all vulnerabilities
   on the same day. June 1, I prepared the report and presented it on
   June 2 in the morning.

2. The candidate can use any tool during the exam, yet most
   vulnerabilities are found manually. Therefore it is vital to know
   how to use the tools to our advantage and not delegate one hundred
   percent of the responsibility to them.

Will you have to take any certificate renewal exams?

1. No, this certification has no expiration.

Any tips for preparing for this particular exam?

1. If you have more than three years of experience in pentesting, the
   exam will be a “familiar experience.” If you do not have that
   experience, I recommend doing the training in INE to find the
   vulnerabilities and generate a quality report.

What’s next after this certification?

1. After this, I will keep preparing for other certifications,
   including eWPTX, an advanced version of eWPT.