Review of the Certified AppSec Pentester Certification: Tips for Passing on Your First Attempt
I was scrolling through LinkedIn and noticed a couple of hackers on my newsfeed posting that they passed the mock exam for the CAPen Certification by The SecOps Group. This caught my interest because I had never heard of the Certified AppSec Pentester before or knew that The SecOps Group was a certificate authority. While researching, I came across a coupon code that allowed me to buy the exam voucher for 80% OFF, totaling just $50, which also includes a free retake! I thought to myself, "Why not? That's an unbeatable deal!"
I ended up purchasing an exam voucher and received an email confirming my order. The email mentioned that I would get my exam link and VPN configuration details within 2 business days. I was pleasantly surprised to receive the exam link and VPN configuration in less than 24 hours!
I decided to begin the exam right after work because I couldn't resist using the exam voucher I had. Starting the exam was simple: log in, click the start exam button, and connect to the exam environment using openVPN. The whole process is fully automated.
They provide you with slightly over 4 hours to answer 17 questions. Some are multiple choice, and some require you to submit flags, which is quite similar to the new eWPTv2 exam, as far as I know. Four hours is plenty of time to tackle the challenges. Once you finish, you simply click the finish button. You'll immediately find out if you passed or failed. If you passed, you receive your certification instantly. The whole process is entirely automated. The user experience is fantastic; I really enjoyed it.
With that said, I am proud to announce that I am officially a Certified AppSec Pentester, CAPen Certified.
Interested in taking a shot at the CAPen Certification Exam? Here's an 80% OFF voucher that you can use, which includes a free retake with no wait time!
Coupon Code: CAPen-80-OFF
Tips to Pass the CAPen Exam
As mentioned before, you have a little over 4 hours to answer multiple-choice questions and submit flags covering different OWASP Top 10 vulnerability categories like XSS labs, SQLi labs, and XXE injection, among others. The SecOps Group concentrates on being a certificate authority, so they expect you to study the technical concepts on your own. However, they do offer a syllabus for the CAPen exam to guide your preparation.
However, I wanted to expand on this and provide more focused material to help anyone preparing for this certification, to improve your chances of passing on your first attempt!
You have my assurance that if you review the information below, you will be well-prepared. And here's the good news: if you don't pass, you can retake the exam immediately, and the best part is, you only paid $50 for it.
1. Recon / Enumeration
For recon and enumeration, if you feel ready for an intermediate-level certification, this should be quite straightforward for you. Nonetheless, I wanted to offer a few resources just in case.
https://www.hackerone.com/ethical-hacker/how-recon-and-content-discovery
https://appsecexplained.gitbook.io/appsecexplained/enumeration/content-discovery-recon
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
2. Cross Site Scripting (XSS)
For cross-site scripting, remember that CAPen is an intermediate certification. While you don't need to be an expert, you should be able to recognize various XSS contexts and know how to create payloads when there is sanitization, encoding, or filtration.
I recommend checking out the following links to make sure you understand these concepts. Then, practice hands-on by using the Portswigger Web Academy labs mentioned below.
https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/
https://portswigger.net/web-security/cross-site-scripting/contexts
3. Cross Site Request Forgery (CSRF)
For this category, understanding how to attack and PREVENT CSRF attacks will greatly benefit you when actively testing in the exam environment.
I recommend reviewing the following links to ensure you are familiar with these topics, and then practice hands-on using the Portswigger Web Academy labs mentioned below.
4. Insecure File Uploads
For this vulnerability, although there are various ways to exploit it, I recommend keeping it simple and not overthinking it.
I suggest reviewing the following links to make sure you understand these topics, and then practicing hands-on with the Portswigger Web Academy labs mentioned above.
https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-path-traversal
https://portswigger.net/web-security/file-upload#how-do-web-servers-handle-requests-for-static-files
5. Cloud Misconfigurations
For "cloud misconfigurations," please don't be intimidated by the term. The SecOps Team has additional certifications for cloud-based pentesting. However, you should understand how to exploit common misconfigurations and security flaws in popular cloud services like S3 buckets.
I recommend checking out the following links to make sure you understand these topics. Then, practice hands-on with the flAWS Cloud and flAWS2 Cloud labs mentioned below.
https://github.com/pop3ret/AWSome-Pentesting/blob/main/AWSome-Pentesting-Cheatsheet.md
https://github.com/Lifka/hacking-resources/blob/main/cloud-hacking-cheat-sheets.md
6. Access Control (authorization/authentication)
For access control-related vulnerabilities, I recommend learning about common password reset flaws and insecure direct object references.
I suggest reviewing the following links to make sure you understand these topics, and then practice hands-on using the Portswigger Web Academy labs mentioned below.
https://portswigger.net/web-security/access-control#parameter-based-access-control-methods
https://portswigger.net/web-security/access-control/lab-user-role-controlled-by-request-parameter
https://portswigger.net/web-security/access-control/lab-user-role-can-be-modified-in-user-profile
https://portswigger.net/web-security/authentication/other-mechanisms#resetting-user-passwords
https://portswigger.net/web-security/authentication#how-do-authentication-vulnerabilities-arise
7. SQL Injection
For SQL Injection, I recommend understanding how to test for SQL injection manually and then using the SQLmap tool to simplify your work. While the exam might require more detail on various SQLi contexts, the solutions are quite straightforward for an intermediate certification level. Remember, a ' can go a long way!
I suggest reviewing the following links to ensure you are comfortable with these topics, and then practice hands-on by using the Portswigger Web Academy labs mentioned below.
https://portswigger.net/web-security/sql-injection#how-to-detect-sql-injection-vulnerabilities
https://portswigger.net/web-security/sql-injection/blind/lab-time-delays
https://gist.github.com/jkullick/03b98b1e44f03986c5d1fc69c092220d
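Why a stray quote is such a useful probe, as an added example that is not part of the original post: a string-concatenated lookup (the vulnerable pattern) fails with a SQL syntax error the moment the input contains a `'`, while the parameterised version simply returns no rows. The in-memory SQLite table and user names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with two sample users (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: user input is spliced into the SQL text, so a quote changes the query."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened: the driver binds the value separately, so it can never alter the SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def probe(lookup, conn, value):
    """Run one lookup and classify the outcome.

    Returns ("rows", rows) on success or ("error", message) when the input broke the
    query. An "error" result for a lone quote is the tell a manual tester looks for,
    and the parameterised lookup never produces it.
    """
    try:
        return ("rows", lookup(conn, value))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        print(name, "alice  ->", probe(fn, db, "alice"))
        print(name, "alice' ->", probe(fn, db, "alice'"))
```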
8. XML External Entity Injection (XXE)
For XXE Injections, I believe the solution is quite straightforward, although it could delve deeper into different contexts and types of XXEs that can be exploited. Nonetheless, the solution is pretty simple.
I recommend checking out the following links to make sure you understand these topics well, and then practice hands-on by using the Portswigger Web Academy labs mentioned below.
https://portswigger.net/web-security/xxe#how-to-find-and-test-for-xxe-vulnerabilities
https://portswigger.net/web-security/xxe#exploiting-xxe-to-retrieve-files
https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files
https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-perform-ssrf
Final Thoughts
All in all, the Certified AppSec Pentester (CAPen) certification was enjoyable, and the attack scenarios are quite realistic. However, I believe that some of the vulnerability categories might be a bit too simple for a mid-tier certification, especially when creating effective payloads, and could be more challenging. Nevertheless, the exam setup is robust, the on-demand experience was excellent, and I highly recommend taking this certification if you want to validate your skills as a web application penetration tester. It's a great step towards reaching the expert level. I would compare it to the eWPTv2 exam but with more variety, and you can get it for $50 using the coupon code below. That's a deal that's hard to pass up.
Interested in taking a shot at the CAPen Certification Exam? Here's an 80% OFF voucher that you can use, including a free retake with no wait time:
Coupon Code: CAPen-80-OFF
If you have any questions, feel free to ask me. Just send me a direct message on Twitter at twitter.com/grumpzsux.
Until next time, my fellow nerds. Sergio Medeiros