What is the PJWT?
The Practical Junior Web Tester Exam is a certification exam that assesses a student's web application penetration testing level. Created by Alex Olsen and TCM Security, the exam follows a more practical format: it runs 4 days (2 days of testing and 2 days of reporting), and the main deliverable is a professional and detailed penetration testing report. It is also “open-ended”, leaving it up to the student to find as many vulnerabilities as they can in the 2 days given.
“There’s no win condition. And I think we’re so conditioned to have a win condition that it’s kind of weird when you take an exam and it’s like, the goal is not necessarily to compromise and get root, or become admin and find this flag; it’s to perform a pentest.” – Heath Adams, CEO TCM Security
Training Arc
To prepare for the exam, I first took the TCM course that is linked to the PJWT, Practical Bug Bounty. It was created and taught by Alex Olsen, my “Web application” savant; Heath Adams, the CEO of TCM; and Jonah from Intigriti.
In terms of course materials, these three security giants go through all the stages of bug bounty hunting, from reconnaissance all the way to exploitation. They also go through all the vulnerabilities included in the OWASP Top 10, each of which has 1-3 labs.
Although the Bug Bounty course is actually all a student needs in order to succeed in the PJWT, I also studied a few resources beforehand: the Web Security Academy created by PortSwigger, the people behind Burp Suite, and Bug Bounty Bootcamp by Vickie Li. Although not necessary, I personally found that the modules from PortSwigger and the chapters from Vickie Li helped in furthering my knowledge.
Conclusion
This is the first of many certifications that I will be pursuing from TCM Security. I can’t overemphasize how great the teaching staff is. Massive shoutout to Alex Olsen. He is an impeccable teacher; from developing the labs all the way to the presentations that he offers, he has helped me gain a better understanding of web application pen testing. Heath Adams, the CEO of TCM, is a security savant, and I will be looking forward to learning from him when I take the PNPT.
Disclaimer: I am not being compensated in any way by TCM Security or any affiliates for this review. I just really like TCM Security.