“Presenting findings to the mock board gave me the deck that keeps winning renewals.”
CxWAP - Three tiers of web pentesting mastery
CWAP <> CAWAP <> CMWAP Which one will you pick?
Limited-time promo Start the evolution
One lab • 159 code exploit switches • Unlimited grit
- CWAP: €199.99 €15.00 Promo
- CAWAP: €199.99 €15.00 Promo
- CMWAP: €249.99 €15.00 Promo
The rat promise
- Forging battle hardened rats through a challenging trial
- More difficult than CAPIE - Longer than CAPIE Less difficult than CNWPP - Longer than CNWPP
- Full traceability with exam and code reports. We even save the full source of the exam.
- Hyper realistic school management target environment, Game or Theme park system - You can pick a number ... bring it!
See the trilogy in action
Each module leans on years of experience and social proof to boot! Over 180 000 Udemy students have enjoyed my work, but now it is time for more ... Continuing on the course materials I have built over the years, I have developed this web app hacking certificate.
- L1 = Basic IDOR exploit level
- L2 = more hidden endpoint or parameter, for example
- L3 = Crappy WAF - Ruleset level
CxWAP community reviews
Feedback from rats who completed CWAP, CAWAP, and CMWAP.
“CMWAP made me plan like an engagement manager instead of a lone wolf exploit dev.”
“Level 3 objectives forced me to automate burp workflows and share tools with my crew.”
“CAWAP chains felt like live client chaos - perfect rehearsal for real incident calls.”
“The challenge cadence kept me sharp and paid for itself with my next report submission.”
“CWAP drilled disciplined recon so hard that scoping calls now feel effortless.”
“CWAP mirrored real-world web testing. I enumerated routes and states, exercised authentication and access control, and validated findings with concrete proof, including business logic issues that typical scanners miss. The structure of CWAP rewarded methodical hypothesis → test → validate, which is how I deliver high quality results at scale.”
Meet the CxWAP trifecta
Three escalating certifications crafted for rats who want to dominate web pentesting.
CWAP - Certified Web App Pentester
Cut your teeth on disciplined recon, exploit development, and reporting. CWAP sets the tone for the grind ahead.
- Battle-tested methodology playbooks.
- Hands-on walkthroughs for foundational exploits.
- Deliverables that stand up to client scrutiny.
CAWAP - Certified Advanced Web App Pentester
Link complex attack chains and automate your workflow. CAWAP is where you weaponise creativity and discipline.
- Scenario-based chaining labs with dynamic defenses.
- Guided automation for recon, exploitation, and reporting.
- Mentor feedback straight from the Rat offensive team.
CMWAP - Certified Master Web App Pentester
Lead the charge! Bypass WAF Rulesets and show the world what you are really made of!
- Advanced hiding of parameters, inter-tenant IDORs and more
- Tough filters and WAFs make it harder to execute attacks
- 48 Hours is a long time ... can you show proper time distribution?
Why rats swear by CxWAP
One lab to rule them all
Every tier plays out inside the same sprawling universe, forcing you to revisit systems with new skills and sharper instincts.
159 code exploit switches
Toggle your way through handcrafted exploit paths. Each switch unlocks a new branch with its own tactics, payloads, and defenses.
Flags for every victory
Never lose the trail. Every successful exploit drops a flag so you can prove progress, calibrate your notes, and keep morale high.
Customers, not protectors
We act as your toughest customer. Expect ruthless feedback, brutal requirements, and clear acceptance criteria.
Full traceability from exploit to report
For the first time in rat history we mapped every flag, exploit switch, and remediation path. Ship exam reports that mirror real client deliverables and attach code reports for your internal notes.
- Exam reporting templates with cross-referenced flags.
- Code review packets to capture internal decision-making.
- Versioned audit trails so you can rewind any moment.
Live inside our hyper realistic lab
Step into the role of school manager for our custom, in-house school management system. Balance operations, guard reputation, and find every weakness before your rival teams do.
- Operational dashboards, grade books, and payment flows.
- Role-based access models begging to be dismantled.
- Realistic integrations that demand precision exploitation.
We are not your protectors - we are your customers. Ship work that survives the boardroom.
CxWAP frequently asked questions
Get clarity on the CWAP, CAWAP, and CMWAP track before you begin.