Hackthebox CERTIFIED WEB EXPLOITATION SPECIALIST REVIEW, Tips & Tricks
H3ll0 H4ck3rs !!!
End September 2025, i passed Hackthebox Certified Web Exploitation Specialist by scoring 100% on my first attempt.
In this article, i will make a review of this exam and give some tricks and tips for those who aspire to pass this exam and maybe make career on Web Penetration Testing
Stastical of my trainning / Exam taking
Tips & Tricks For CWES Prepare
What is Certified Web Exploitation Specialist
HTB Certified Web Exploitation Specialist (HTB CWES) is a highly hands-on certification that assesses the candidates’ bug bounty hunting and web application pentesting skills. HTB Certified Web Exploitation Specialist certification holders will possess technical competency in the web application penetration testing and bug bounty hunting domains at an intermediate level. They will be able to spot security issues and identify avenues of exploitation that may not be immediately apparent from searching for CVEs or known exploit PoCs. They can also think outside the box, chain multiple vulnerabilities to showcase maximum impact, and actionably help developers remediate vulnerabilities through commercial-grade bug reports.
- To be eligible to start the examination process, one must have completed all modules of the “Web Penetration Tester” job-role path 100% first. Each module in the path comes with its own hands-on skills assessment at the end that students must complete to prove their understanding of the presented topics. The answers to the skills assessment exercises are not provided. Evaluation takes place throughout the journey, not only during the examination!
Stastical of my trainning / Exam taking
Tranning Stastical
I started CWES path at the begging of August and passed the exam at the end of September
It took me 6 weeks to finish the course material. i know that i made it very quickly. It is because i have a some experience on web penetration testing and bug bounty.
So many modules were just a review for me
Exam Stastical
to pass the exam , you need to get 80% to 100%. Ten flags to get 100%
- First day: 3 flags ( I was very exited :-)
- Day 2: 1 flags
- Day 3: 2 flags
- Day 4: 0 flag ( very sad, i got stucked and could not found any flag !! )
- Day 5: 4 flags ( Completed 100% . very exeted !!!!!)
- Day 6: took some rest
- Day 7: Finish my report and submit it
after 4 days of my report submition, i got an email from HTB Congratulation You Are Now Certifed Hacker
PREPARE TIPS & TRICKS
Here are some tips & tricks that will help you make good preparation for CWES Exam
1. Notes taking
The Number One of tips during your peparation is Notes Taking.
Yes, notes taking !!
CWES is not an easy exam. The course material covers a lot of web attacks techniques. A lot of web vulnerabilities are cover on the course. The course material cover 20 modules and you learn multiple vulnerabilities/attack techniques on each modules.
If you don’t take good note, you will probably forget things as you go.
Remember that the exam cover all the course material . So if you forget something and that thing apears on the exam, you will be stuck for a long. Maybe you’r going to waste your time and not get the neccessary score to pass the Exam.
You will not like that scenario happen to you. So take good note as you go on your trainning.
The note you take will not be useful only during the exam, but also during your futural penetration testing engagement.
Humans are designed to quickly forget information.
So if you don’t take good notes, you risk forgetting a large part of the concepts learned in the training.
This principle applies not only in the context of CWES but throughout your computer security journey.
So what i mean by good note !
A good note for X module is note that when you review it, will help you remember all technique/ attacks scenario that were taught on that module. Using your note, you don’t need to review the module content to make sure that you understand the module.
your note for one vulnerability (for example LFI) must contain:
- a description of a vulnerability
- In Which cases that vulnerability can apears
- How to recon / enumerate for that vulnerability
- How you can exploit it, when you found it. Here you must include snipped of commands, tools taught on the course
- What you can do with it (example: users enum, privEsc, RCE,..)
In resume, a good note is not a simple cheat sheet, it is a workflow that you must follow during your engagements. It must contain all scenario, cases. Considere it like an algorithm which, when executed must help you found / exploit a vulnerability
2. Workflow / Methodologies Creation
As you go through the course material, you must create Workflows for web attack. Apart the fact that your note for each module must be a self-workflow, you must also create workflows that you are going to follow during your engagement or the exam. If you have some experiences on bug bounty field, you must know the importance of workflow. A workflow can be considere as an algorithm that when you follow can help you exploit a vulnerable web application. A simple workflow for web application(example.com) attack can be something like this:
- Enumerate / Fuzz for directories, files
- Enumerate / Fuzz for subdomains
- Fingerprint the tech stack with tool like whatweb, weballyzer,..
- Review the front-end source code to gather useful information
- Navigate through the web application to enumerate fonctionnalities / features that you have access
- Understand the protection, authentification mechanisme of the application
- If found vulnerability on one feature (Example: user enumeration on login form), exploit it or chain it to exploit other vulnerability (user enumeration to login brute force, ..)
This is a general workflow for web application attack.
You must create a workflow for each vulnerability taught on the course,
Example of Workflow for SQLI
- Recon / Enumerate GET/POST/PUT/… params, HTTP headers, cookie that apeare to be used on database query on some feature like search bare, login form,.. !!
- If found, try SQLI payload to test if that input is vulnerable
- If not vulnerable, continu to look for others vulnerabilities
- If vulnerable to SQLI, use SQLMAp to automate the exploit process
- If some firewall block automate tools, try to bypass it or exploit the vulnerability manual
- If exploitation work, enumerate databases, users, passwords, gather a lot of information as you can
- Can you exploit it to read local files !? If so:
- Exploit it to read local file and web application source code. Maybe you can found others vulnerabilities by looking on the source code
- Can you escalate it to RCE !? look for .
- Try to get your priv
- IF you are database admin and you have write permission, write a reverse shell on web root location
- Use your web shell to get RCE If you follow that workflow for example, you will not miss or bad exploit SQLI
Your workflows will be useful during the exam.
Because during the exam, time will come where you will be tire. If you don’t have a workflow or checklist to follow, you can forget to tests some trick and miss vulnerabilities.
In Web penetration testing especially in bug bounty field, you are good as your workflows. More your workflows are good, more you are
3. Pratice
When it come to CWES, many people will say you that the course material is enought to pass the exam.
I’m very ok with that. Personnaly, i only did the course material and took the exam.
But everyone has different background.
If you don’t have experience on web penetration testing , bug bounty or CTF ( Web challenges), i advice you to use other plateforms apart the course material to master your web penetration testing. Especially for vulnerabilities that are taught on the path.
Personnaly, before starting CWES path, i had expericen as junior web penetration tester. i also trainned myself on plateform like root me and portswigger
So if you don’t have experience on web penetraton testing, use those plateforme to pratice (recon / exploit) vulnerabilities that are taught on the course material:
For example when you learn XXE and finish the module, go to portswigger and try to exploit XXE labs When you finish LFI, go to root-me and exploit LFI challenges. By doing so, you will master your recon / exploitation skill. Which will be useful for you to pass the exam. Don’t forget to pratice again and again the skill assesment of each module. The skill assessments are useful ressources for you to test skill that you learnt on the module. Try to solve it without ask some help or read walkthrough. By doing so, you will be well prepare for the exam
5. Stay On The Path
That is true for many certificaton exam.
Stay on the path
The exam is design to test your skill that you learnt on CWES path.
You will not found vulnerabilities like JWT weak credential or Deserialization. Those vulnerabilities are not taught on the PATH.
So when you pratice in order to pass the exam, make sure that your trainning is on the CWES PATH SCOPE.
Otherwise, you will burn out yourself and get confused by trying to exploit vulnerabilities that are not taught on the path during the exam.
This error will make you stuck. Maybe not being able to score the necessary point to pass the exam.
So avoid it as you can
6. Vulnerabilities cheklist
If you follow all the five tricks & tips that i mentionned early and are ready to take the exam, one last thing you must do is to create a so called Vulnerabilities Checklist.
Vulnerabilities checklist is a checklist that must contain all vulnerabilities that you learnt during the trainning.
You can create it as you go through the course material and fill up it with vulnerabilities as you learn it.
It must contain all vulnerabilities covers in the course: (IDOR, XSS, SQLI, LFI,XXE, SSRF,SSI, SSTI,…)
The useful trick with a vulnerabilities checklist is that it will remember you which vulnerabilities to test during your exam. Through it, you will have an overview of what you already tested and what must be tested.
READY TO TAKE THE EXAM !! LET SEE SOME TRICKS & TIPS TO MAKE YOUR EXAM A FULL SUCCESS
TIPS TRICKS during the exam
1. Enumeration
In penetration testing field,
Enumerationis the key.
CWES exam is not like CTF challenge. It is like real penetration testing and you have seven days to complete the Exam. Enumeration will be your best friend during the exam. You must adopt an iteractive enumeration ( enumerate on each step). If started exploit something and found that it seems to be impossible or you lack some information, try enumeration again and again. you must enumerate directories, files, applications features, params, look on front-end source code. All thing that you can imagine as enumeration, do it
2. Stay on the exam path and scope
As i already said in previous tips, during your exam, make sure that you are on the path.
Useless to try exploiting Web Cache Poisoning by know that it is not taught on certified web exploitation specialist path. By doing so, you waste your time for nothing !
Avoid that and manage your time to test vulnerabilities that are taught on the exam path.
You must also make sure that your testing don’t go outside of the exam scope.
It is like real penetration testing. So you must not perform your testing on outsite compomnent
3. Make it real
Take it as real penetration testing engagement. In real penetration testing, the human behavior vulnerabilities are also in scope.
So make sure you test everything.
They also can have an interconnection between applications. Look for all possibilities
4. Time Management
Don’t spend more than 30 min testing one vulnerability. For example: If you reach a search bare and try to find SQLI on the input field, if you test for SQLI durinf 30 min without success, maybe you are not on the right path. Go and test for others things
Be aware: your tests must be accurate to make sure that you don’t miss vulnerability where it is
Another important thing:
You have 7 days to complete all the exam (pentest + report writting).
It is very important to manage your time correctly and take care of yourself.
If you didn’t sleep on the first day or first two days for example, you will go in burn out.
Imagine during the exam, you get burn out, you are not stable mentally so you will perform bad penetration testing and not found many vulnerabilities.
So make sure you take some rest when you are tire and come back to work with energy and new ideals
5. Make Perfect Test
Make perfect tests.
When you decide to test for one vulnerability, you must make sure that you tested all possible case before give up or pass to other vulnerability test. If you try to test for file upload vulnerability for example , make sure that you tested all possible trick for file upload before saying that the endpoint is not affected by file upload vulnerability.
6. Vulnerabilities chainning
Vulnerabilities chainning is very important in web penetration testing, bug bounty and that will also be the case on the exam. When you found a low or medium severity vulnerabilities, try to chaine theme or elevate the severity to get critical vulnerability
7. Write Report as you go
Yes, write your report as you go! Penetration testing report writing is not easy activity and you must remember that CWES exam require you to submit a comercial gradual report(even if you capture all the flags) before pass the exam. The report part is very important and you must make sure that your report is well writing. To doing so, you must write your report as you go in your penetration testing activity.
When you found vulnerability, write the exploitation path, take some screenshots, put it on your report. you must even write a draft report befort continuous your penetration testing activity. by doing so, when you will come on report writting part, it will be easy for you to do it quickly. I advice you to use sysreptor penetration testing report writting tool to write your report. They are template for CWES. You can use it to speed up you report writting.
Conclusion
Hope this article help you on your CWES journey or you learn something from it !!!
If you enjoy this article, you can let me a message on linkedin
I wish you good luck for CWES Exam