Updated: Dec 31, 2022
Many of you have been asking me, "How can I study for the CWA certification exam, and what material is covered on the exam?"
Here is the answer you have been waiting for!
The White Hat Hacker Associate (CWA) covers 14 domains or subject areas. Everything you need to know is here on Hackers-Arise. There will be no questions that are not covered here on this site, guaranteed.
It's important to note that this is an entry-level certification and not a professional certification. As such, it will emphasize the basics of each of these 14 domains without going into great depth. There are NO labs on the CWA, though there are labs with the CWE and the CWP.
The questions will be strictly multiple choice. If you know the basic concepts, you should be able to pass this exam and then begin to work your way toward the more advanced CWE and the CWP.
The 14 domains and their weight on the exam, as well as the articles you should read and know to prepare for the CWA, are:
1. The Role of the White Hat Hacker - 3%
This is probably the one area I have written the least on. The idea here is that the successful CWA needs to understand what a White Hat Hacker is and what they do. The CWA needs to understand that a White Hat Hacker may work in pentesting, information security, cyber warfare, and espionage, among a number of industries. In addition, the CWA must be familiar with the hacker methodology.
2. IT Fundamentals - 10%
To be a White Hat Hacker, there are some IT fundamentals that you must know. For instance, you need to understand the basics of Linux, networking, and TCP/IP. It's important to understand Linux, as it is the hacker platform for good reason.
3. Passive Reconnaissance - 8%
This section starts the standard hacking process, beginning with passive reconnaissance. This is reconnaissance that cannot be detected by the target. You should be familiar with Shodan, how to abuse DNS for reconnaissance, and finally, a bit of SNMP.
4. Active Reconnaissance & Port Scanning - 10%
Port scanning may be one of the most fundamental skills of the hacker, and Nmap may be one of the most fundamental tools of the hacker. The following two guides on Nmap and Hping3 should be sufficient for you to pass this section of the exam.
5. Social Engineering - 5%
I have written little here on social engineering, but many of the hacks I have detailed include some measure of social engineering, such as getting people to click on a PDF, Word, or MCL file. In addition, you should be familiar with the Social Engineering Toolkit and social engineering techniques.
6. Basics of Password Cracking - 10%
The CWA must understand the basics and principles of password hacking/cracking. You should read my series on password cracking and be familiar with some of the password cracking tools such as Cain and Abel, John the Ripper, Hashcat, and THC-Hydra.
7. Basics of Metasploit - 7%
Although the CWA won't go into great detail on using Metasploit, to successfully pass the CWA exam, you should understand the basic concepts and commands of Metasploit, such as what an exploit, payload, target, LHOST, RHOST, etc. are. I suggest you read and study the following series.
8. Basics of Cryptography - 5%
The CWA is not expected to be a cryptographer, but they should be familiar with the concepts of symmetric vs. asymmetric cryptography, PKI, hashes, etc. The test questions on the exam will be limited to the terms and concepts in the following article.
9. Basics of Sniffing - 5%
Sniffing is a rudimentary skill for both the network engineer and White Hat Hacker. To pass the CWA, you should understand what sniffing is and how to use such tools as Wireshark. Check out the following article for help on Wireshark. To learn more about Wireshark, read:
10. Basics of Snort - 5%
Snort is the world's most widely used intrusion detection system (IDS). Understanding how it works will make you a better security engineer and hacker. The CWA will be expected to understand the basics of Snort operation and the structure of a Snort rule.
11. Basics of Vulnerability Scanning - 7%
Vulnerability scanning is critical to discovering known vulnerabilities in websites, applications, and operating systems. The CWA should be familiar with the concepts and limitations of vulnerability scanning. To prepare for the exam, take a look at these three articles:
12. SQL Injection & Database Hacking - 5%
SQL injection is one of the best ways for hackers to get to the hacker's pot of gold, the database. The successful CWA should understand the basics of SQL Injection and database hacking. To study for this section of the exam, check out my Hacking Databases
13. Wireless Hacking - 10%
Any hacker worth their salt needs to understand the basics of wireless hacking. To pass the exam, you must distinguish between the different types of wireless security (WEP, WPA, and WPA2), as well as the basic tools and techniques of wireless hacking.
To study for this portion of the exam, make sure to read:
14. Web App & Server Hacking - 10%
The key things to study here are my web app hacking series. Although the web app hacking series is far from complete (as are all my series), you will only need to understand the basics for this exam that are covered in these articles.
Getting Ready to Become a Certified Hacker!
More advanced subject areas such as mobile hacking, Metasploit hacking, exploit development, and scripting will not be on the CWA exam, but will appear on the more advanced CWE and CWP, where the certification will require the completion of a hacking lab to show proficiency with tools and concepts.
Remember that this exam will only cover concepts and tools covered here on Hackers-Arise, so no need to buy outside books and classes. If it is not on Hackers-Arise, it will not be covered on the exam. The exam is entirely online (as it should be in 2021), so no need to travel to special testing sites.
Also, please remember that if you can't find an article, type the keywords in the search box up top.
If you need additional help preparing for the exam, consider taking the CWA Prep course with Master OTW.
We have just begun offering the CWA Prep course videos that cover ALL the material on the exam for just $99. With these videos, you are certain to pass the exam!
For more information on purchasing the class videos, click here.
Although not required, studying from Linux Basics for Hackers and Getting Started Becoming a Master Hacker is excellent material to prepare to pass this certification exam.
Remember, if you are a MEMBER at Hackers-Arise, you get all certification exams at 50% off.
You can NOW take the exam by going to www.white-hat-hacker.com!