



Name: Certified AppSec Pentesting eXpert (CAPenX)

Company: The SecOps Group

Price: £800

Coupon (Updated 03/07/2024): ANNIVERSARY-80-OFF

Price after coupon: £80

Difficulty: Intermediate/Advanced

Recommended: It depends on the price, but in general, yes.

Url: https://secops.group/product/certified-appsec-pentesting-expert-capenx/




What does it include?

As usual, The SecOps Group certifications do not include any type of course or training; the price covers only the exam and a retake.



What is the exam like?

The exam is a CTF-style evaluation in which we are presented with multiple flags that we have to obtain by exploiting vulnerabilities.

For example, we might exploit a vulnerability that allows us to view files on the server, and thus obtain the file containing the flag.

A very important fact is that the flag score depends on the difficulty of exploiting the vulnerability. Therefore, not all the flags are worth the same.

This exam is unsupervised, and a connection to a VPN provided by them is required.



How is the purchase made?

Directly at https://secops.group/product/certified-appsec-pentesting-expert-capenx/ .

An important fact is that you do not need a registered account on the site; when you make the purchase, you enter an email address. It is VERY IMPORTANT TO ENTER AN EMAIL ADDRESS TO WHICH YOU HAVE ACCESS.

This is because the purchase process is as follows:

  1. You make the purchase on The SecOps Group website.
  2. You fill in the information in the form that is presented to you on the site.
  3. Your VPN access, the user for submitting the exam, and the connection URLs are sent to the email address you entered.



Pros

  • This certification is somewhat advanced, because you need to perform exploits that require you to know how the vulnerability works, and not just launch a generic payload, which is a very good point.

  • Most of the difficulties come directly from needing some bypass or other form of exploit, which makes it somewhat realistic.

  • The exam is CTF-style, which might seem like a negative point; however, it is quite the opposite, because it makes you look for vulnerabilities everywhere, and it is not the classic boot2root exam.

  • When you make the purchase, it includes a retake, which is always appreciated.

  • In general it is a realistic exam, taking into account that it is CTF-style.



Cons

  • With no course or preparation material, and a very extensive syllabus, you do not really know if you are prepared to take it.

  • The exam environment takes some time to deploy (about 30 mins.). Although the exam accounts for this time by giving you 7:30hrs to take it, at no point are you told that it will take so long, so you may think that you are doing something wrong.

  • The price of £800.00 in my opinion is quite high, taking into account that it does not include any kind of preparation.

  • The purchase process can seem misleading if you are not used to it.



In my opinion, is it worth it?

Honestly, it depends a lot on the price.

The regular price of the exam is £800.00, which in my opinion is quite high, and not worth it. This is because it is a new certification, which does not yet carry much weight on the CV / Resume. The reason is that very few people have taken it, and recruiters/companies have not yet catalogued it as a valuable certification. This is likely to change over time.

Likewise, because it does not include any type of coursework, we enter into a dilemma: it is a high-priced certification, which is not in high demand, and it will not provide you with knowledge through a course. That is something to take into account.

However, The SecOps Group is constantly putting their certifications on offer. Most of the time they have a 50% discount, and sometimes the discount increases. In my case, I managed to get it for £40.00 on their introductory offer, which makes it a super affordable certification considering the regular industry prices.

In my opinion it is a good certification: it is challenging and somewhat realistic, and personally I would classify it as intermediate/advanced difficulty. Most of the topics are focused on web vulnerabilities, which means that if you have been involved in web pentesting for a while, or have a good foundation in it, you can take it with almost no prior preparation. It has a very good duration and is also quite fun.

I honestly thought it would be a very easy certification that would be finished in a couple of hours, and that the name “eXpert” was marketing; however, I was very surprised. It is more difficult than I thought, it contains exploits of classic vulnerabilities in advanced contexts, and being against the clock increases the pressure.

In conclusion, it is a realistic certification, of a good level, and well designed. Taking it is a fun challenge. If you can get it for less than £200.00, I consider it completely worth it.



  • https://cryptohack.org/challenges/web/
  • https://portswigger.net/web-security/authentication
  • https://portswigger.net/web-security/cross-site-scripting
  • https://portswigger.net/web-security/csrf
  • https://portswigger.net/web-security/deserialization
  • https://portswigger.net/web-security/file-upload
  • https://portswigger.net/web-security/host-header
  • https://portswigger.net/web-security/jwt
  • https://portswigger.net/web-security/learning-paths/api-testing
  • https://portswigger.net/web-security/learning-paths/race-conditions
  • https://portswigger.net/web-security/learning-paths/sql-injection
  • https://portswigger.net/web-security/logic-flaws
  • https://portswigger.net/web-security/os-command-injection
  • https://portswigger.net/web-security/ssrf
  • https://portswigger.net/web-security/web-cache-poisoning
  • https://tryhackme.com/r/room/advancedsqlinjection
  • https://tryhackme.com/r/room/nahamstore
  • https://tryhackme.com/r/room/owasptop10
  • https://tryhackme.com/r/room/wordpresscve202129447
  • https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology (You only need basic cloud knowledge)



Syllabus:

  • Google Hacking, Dorking and OSINT.
  • OWASP Top 10.
  • XSS
  • SQLi
  • XXE
  • CSRF
  • Cryptographic Attacks
  • Deserialization
  • Mass Assignment
  • Brute Forcing
  • User Enum
  • TLS Misconfig
  • SSRF
  • IDOR
  • Parameter Manipulation
  • Insecure File Upload
  • Business Logic Flaws
  • Directory Traversal
  • Common Security Misconfigurations
  • Information Disclosure
  • Common Vulnerabilities And Exposures
  • Vulnerable And Outdated Components
  • Common Supply Chain Attacks And Prevention Methods
  • Common Security Weaknesses Affecting Cloud Services Such As An S3 Bucket
  • Security Best Practices And Hardening Mechanisms
  • Security Headers
  • HTTP Request Smuggling
  • Server Side Template Injection
  • Web Cache Poisoning/Deception
  • Host-Header Injection
  • Prototype Pollution
  • CRLF & Response Splitting
  • File Inclusion