The Practical Junior Web Tester: We’ve Arrived

Absolutely everything on this blog pertaining to the term “hacking” is meant for training and educational purposes only. WE DO NOT ENGAGE IN NOR PROMOTE ANY ILLEGAL HACKING ACTIVITY!

Greetings, Family, Friends, and Community!

As you can see from the badge posted above, We’ve Arrived!

If you are new here we can understand the confusion that you may be experiencing at the moment. However, if you stick around these parts a while it will all start making sense. I promise.

I won’t go over the obvious here about what the PJWT is, who it’s offered by and blah, blah, blah. For that, my friends, I’ll direct you to the site where you can learn more about it directly – The PJWT!

I will, however, share with you my thoughts and experiences with TCM Security and the exam.

One of the things among many that I love about the exams that TCM Security put together is the hands on, no holds barred “experience” that I come out of the exam environment with.

Until I started training with TCM Security, the experience with certification exams that I’ve had in my academical/professional career in the information/cybersecurity field have all consisted of a ton of multiple choice questions or a majority of multiple choice questions with a section of Practical Based Task built in.

You know the ones…you study for a certain amount of time, if you can afford them or get lucky you may come across a few hands-on labs where you actually get to run some of the familiar industry tools within a simulated environment, you take a lot of practice exams until you achieve a certain score which, over a certain percentage of correct answers across all areas signify that “you’re ready” for the exam.

You schedule the exam, get a certain score and BAM- You’re a Certified Practicioner in <insert specialty of your choice>. All of those long nights of burning the midnight oil has paid off. You look at yourself and say, “I’m an ethical hacker” or, “I’m a certified network associate“. You say things like, “I have my Security or Network Plus.”

Well, as someone who holds “at least” 13 (the last time I counted them) certifications, I’ll be first to admit they took a lot of hard nose studying to obtain. That can’t be denied. But for me, what I started to notice was that although I passed the exam and now had the cert, I still felt a sense of emptiness.

I’d even question how it could be that I’d get hired for X or Y role and although the daily operations of the job dealt with everything one or more of what my certifications tested for, I’d start with a level of “noobness” that I absolutely felt shouldn’t be there. Especially after taking into account the huge mountains of knowledge I’d climbed in “my studies” to become what I was professing myself to be.

With TCM, the real learning took place “within the exam itself“. The best I can come to describing what I mean by that is comparing it to OJT- On The Job training. I was able to learn “how” to become a web application penetration tester “while on” a web application engagement for a client.

To me, that’s just all types of cool! It was an entire new level of radness.

For example, and total transparency here, I didn’t pass on my first attempt. Nor the second attempt for that matter. But the saying was true in my case, the third time was a charm.

On my first attempt, my report was only a miserly 7 pages. And I’d turned it in feeling like my work was done. Nope!

So… I digested my hint, trained some more, and this round my report had grown to 31 pages. (At this point, I could attest to what I absolutely knew to be true – I’d grown. I learned more and was comfortable with my results but also had a burning eagerness to continue, win, lose, or draw).

I turned my report in and waited with a feeling, not of anxiety – like after answering the survey questions before hitting submit and Cisco or Comptia to reveal a pass or fail – but a feeling of healthy anticipation. Again, NOPE!

So…the last go round I digested my hint, took a deep breath, dismissed any thoughts of passing altogether and went back to the beginning of the Bug Bounty Course and just….watched and listened to Alex instruct in the videos… but very intently.

All of this in the spirit of NOT being about me and passing the exam BUT, all about what more I could find that I hadn’t to help my client answer it’s questions about the security posture of it’s application.

As a result, my report grew from 31 pages to what ended up being 49 pages. (Possibly more but 49 was the last number I remember seeing during my final edits. ) And as you can see, again from the badge above, We’ve Arrived!

But arrived at what?

Well, for me it was arriving at a state of knowing what all I still don’t know. Like, I found out that I really don’t know as much about API’s as I thought I knew. And therefore I know exactly where I’m going to place my focus next.

In conclusion, if you’ve read this review of the PJWT in hopes that you’d come away with some technical tid-bits that could help you pass the exam if you are preparing to take it, just be mindful that “technically” there’s not much I can say due to the fact that there’s really a NDA in place. (Non-Disclosure Agreement)

What I can say is this, absolutely everything you need to be successful in the exam is contained within the Bug Bounty course itself; it’s true that you DO NOT need any supplemental training aside from what Alex is putting down in the course. (How often does that happen in the certification world?)

And with that, good luck on your attempts.

Hack On, Ladz & Gentz!