Certified Penetration Tester (CWAPT)
The CWAPT certification is designed to certify that candidates have working knowledge and skills in relation to the field of web application penetration testing.
The CWAPT consists of 10 domains directly relating to job duties of penetration testers in the web application field.
The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. The 10 Certified Web App Penetration Tester (CWAPT) Domains are as follows:
- Cross-Site Scripting
- Broken Authentication
- Insecure Direct Object References
- Cross-Site Request Forgery
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
Any candidate that answers 70% of the questions correctly is considered to have passed the multiple choice exam.
Upon completion of the multiple choice exam, candidates are given a take-home practical that tests their ability on three challenges. Candidates have 60 days from the completion of the multiple choice exam to complete the practical examination. The practical is delivered via VMware Virtual Machines. You must have the ability to set up Virtual Machines in order to attempt the practical. The three challenges are as follows:
Challenge #1: Compromise Web App #1 and recover Token A
Challenge #2: Compromise Web App #2 and recover Token B
Challenge #3: Compromise Web Server and recover Token C
Candidates are instructed to submit the contents of Token A, B, and C. Partial credit is given when submitted with detailed documentation.
The practical is then submitted to an exam proctor, who will grade the exam. A 70% is considered a passing grade. Generally, candidates that submit both Token A and Token B will pass the exam.
Becoming a candidate for the CWAPT exam:
There are three options for taking the CWAPT exam:
- The CWAPT is available at any of our training partner's locations throughout the world.
- The exam can be proctored on-site at your location for groups of 10 or more.
- Individuals employed at member organizations can take the exam over the internet.
Access to the CWAPT exam:
- All CWAPT related correspondence is sent to the email address you provided when you registered.
- All training and certification is conducted through the exam engine. Use the exam engine to log in to your account to take exams.
- Once you log in, you will have links for Certification Attempts and/or Self Study Files as appropriate to your registration.
- Please be sure to read all documentation pages.
As the IACRB is a not-for-profit organization, please be aware that fees are used only for administrative functions.
- Flat fee of $499 per exam
- On-site proctored exams are $399 per voucher
Ready to take the exam? Contact a training partner or register to take the exam here.
The CWAPT certification has now moved to a four year certification period. Regular renewal of a certification ensures that IACRB professionals maintain their knowledge and skills over time. Recertification is conducted via the exam engine system.
Your recertification will become available for registration in your portal account one year in advance of your certification expiration. Recertification candidates will be taking exactly the same exams as current certification candidates.
There are no fees associated with re-certification.
Tips for Success:
The CWAPT certification program is very challenging. We offer the following advice when pursuing your certification:
- Budget your time carefully. Don't postpone until the last minute and expect to do well.
- Plan to spend some hands-on time working with any of the resources available on the internet for exploit writing. You are not formally required to have experience in the field in order to take the CWAPT certification. Do realize that by design the CWAPT focuses on and tests your ability to apply your knowledge and skills in practice. You will have a much easier time with the certification process if you've spent some time working with the tools and technology.
Contact Us for more information about this certification.