Personal Growth As A Pentester

The New Year

As we embrace the new year, it's a time of growth, learning, and seizing opportunities to enhance our professional capabilities. I'm excited to announce that I received access to the HTB-CWEE (Certified Web Expert Engineer), a senior web penetration tester job-role path, accompanied by an exam attempt. This will allow me to skill up and prepare for more advanced challenges in web application penetration testing, hopefully leading to more career opportunities.

HTB - CWEE

The journey through the HTB-CBBH (Certified Bug Bounty Hunter) course last year was a big step for me. It significantly boosted my confidence in web application penetration testing and ultimately landed me the position I currently have, which I'm grateful for.

Designed for those aiming to master identifying sophisticated web vulnerabilities, the CWEE course combines black-box and white-box testing techniques. It offers advanced training in web security, penetration testing, secure coding practices, application debugging, source code review, and custom exploit development. This comprehensive curriculum is structured to equip participants with the skills to perform security assessments professionally against complex web applications.

My Strategy for Mastering CWEE

To maximize this opportunity, I have devised a detailed plan to thoroughly immerse myself in the CWEE curriculum. Here’s how I intend to approach it:

  • Deep Dive into CWEE Modules - My focus will be on absorbing the knowledge and skills the course offers, supplemented by practical exercises and additional blog readings from other experts.

  • Hands-on Practice with PortSwigger Labs - I plan to undertake related labs on PortSwigger following each module to reinforce my learning. These labs will provide a practical playground for applying newly acquired skills and may show additional techniques.

  • Reflection and Knowledge Sharing - I believe in the value of reflection and the power of sharing knowledge. I aim to document my journey, challenges, areas for improvement, and key learnings through this blog, hoping to inspire and guide others on a similar path.

  • Embracing the Challenge of Code Review - Anticipating that code review might be my biggest hurdle, I will look towards additional outside sources like https://www.pentesterlab.com/.

Charting My Path

The journey to becoming a senior web penetration tester is brimming with challenges that demand persistence, dedication, and an unwavering commitment to learning. By sharing my journey, I hope to deepen my own understanding and inspire others in the cybersecurity community.

As I embark on the CWEE course, facing each challenge head-on, I'm excited to introduce the "Learn With Me" articles. This is about writing my learning journey through the CWEE into a series of articles covering the vast array of subjects I'll be exploring. From the intricacies of vulnerabilities to the nuances of secure coding practices, each article will aim to:

  • Demystify Complex Topics: Break down each subject into understandable segments, making the learning curve less steep for everyone.

  • Highlight Real-World Applications and Vulnerabilities: Share insights on how theoretical knowledge applies to practical scenarios, emphasizing common pitfalls and how to avoid them.

  • Incorporate a Structured Checklist: I will strive to create a comprehensive checklist for each subject covered. This checklist will outline key concepts, common vulnerabilities, and solid strategies for testing functionality, serving as both a learning tool and a practical reference for future security assessments.

  • Foster a Community of Learning: By documenting my progress and reflections, I invite feedback, tips, and additional insights from everyone, turning this into a collaborative learning experience.

Beyond reinforcing my learning, the "Learn With Me" Series is an open invitation for knowledge exchange. I look forward to the discussions it will spark. As I tackle subjects like OAuth, SAML, and JWTs, and delve deeper into the CWEE labs, these articles will hopefully serve as milestones of content mastery.

Socials:
https://twitter.com/BadAt_Computers
https://www.linkedin.com/in/randomname/
https://discord.gg/jhaddix

I'm regularly active in Jason Haddix's Discord community. Feel free to join us there to chat and delve into the nuances of cybersecurity. Let's connect!