News: How to Study for the White Hat Hacker Associate Certification (CWA)

How to Study for the White Hat Hacker Associate Certification (CWA)

Since I first announced the new Null Byte recognition for excellence a few weeks ago, several of you have written me asking, "How can I study for this certification exam, and what material will be covered on the exam?" Now I have an answer for you.

The White Hat Hacker Associate (CWA) will cover 14 domains or areas. Everything you need to know is here on Null Byte. There will be no questions that are not covered here on this site, guaranteed.

It's important to note that this is an entry-level certification and not a professional certification. As such, it will emphasize the basics of each of these 14 domains without going into great depth. There will not be labs on the CWA, though, there will be labs with the CWE and the CWP. The questions will be strictly multiple choice. If you know the basic concepts, you should be able to pass this exam and then begin to work your way toward the more advanced CWE and the CWP.

The 14 domains and their weight on the exam, as well as the articles you should read and know to prepare for the CWA, are:

1. The Role of the White Hat Hacker - 3%

This is probably the one area I have written the least on. The idea here is that the successful CWA needs to understand what a White Hat Hacker is and what they do. The CWA needs to understand that a White Hat Hacker may work in pentesting, information security, cyber warfare, and espionage among a number of industries. In addition, the CWA must be familiar with the hacker methodology.

2. IT Fundamentals - 10%

To be a White Hat Hacker, there are some IT fundamentals that you must know. For instance, you need to understand the basics of Linux, networking, and TCP/IP. It's important to understand Linux, as it is the hacker platform, for good reason.

You can pick up some basic networking from the first two articles below, and some TCI/IP basics from the forensics article.

3. Passive Reconnaissance - 8%

This section starts the standard hacking process, beginning with passive reconnaissance. This is reconnaissance that cannot be detected by the target. You should be familiar with Shodan and Netcraft and how to abuse DNS for reconnaissance and finally, a bit of SNMP.

4. Active Reconnaissance & Port Scanning - 10%

Port scanning may be among one the most fundamental skills of the hacker, and Nmap may be the most fundamental tools of the hacker. The following two guides on Nmap and Hping3 should be sufficient for you to pass this section of the exam.

5. Social Engineering - 5%

I have written little here on social engineering, but many of the hacks I have detailed include some measure of social engineering, such as getting people to click on a PDF, Word, or MCL file. In addition, you should be familiar with the Social Engineering Toolkit and social engineering techniques.

6. Basics of Password Cracking - 10%

The CWA must understand the basics and principles of password hacking/cracking. You should read my series on password cracking and be familiar with some of the password cracking tools such as Cain and Abel, John the Ripper, Hashcat, and THC-Hydra.

7. Basics of Metasploit - 7%

Although the CWA won't go into great detail on using Metasploit, to successfully pass the CWA exam, you should understand the basic concepts and commands of Metasploit, such as what is an exploit, payload, target, LHOST, RHOST etc. I suggest you read and study the following series.

8. Basics of Cryptography - 5%

The CWA is not expected to be a cryptographer, but they should be familiar with the concepts of symmetric vs. asymmetric cryptography, PKI, hashes, etc. The test questions on the exam will be limited to the terms and concepts in the following article.

9. Basics of Sniffing - 5%

Sniffing is a rudimentary skill for both the network engineer and White Hat Hacker. To pass the CWA, you should understand what sniffing is and how to use such tools as Wireshark. Check out the following article for help on Wireshark.

10. Basics of Snort - 5%

Snort is the world's most widely used intrusion detection system (IDS). Understanding how it works will make you a better security engineer and hacker. The CWA will be expected to understand the basics of Snort operation and the structure of a Snort rule.

11. Basics of Vulnerability Scanning - 7%

Vulnerability scanning is critical to discovering known vulnerabilities in website, applications, and operating systems. The CWA should be familiar with the concepts and limitations of vulnerability scanning. To prepare for the exam, take a look at these three articles:

12. SQL Injection & Database Hacking - 5%

SQL injection is one of the best ways for hackers to get to the hacker's pot of gold, the database. The successful CWA should understand the basics of SQL Injection and database hacking. To study for this section of the exam, check out my Hacking Databases series and the excellent article on SQL injection by Allen Freeman listed below.

13. Wireless Hacking - 10%

Any hacker worth their salt needs to understand the basics of wireless hacking. To pass the exam, you must distinguish between the different types of wireless security (WEP, WPA, and WPA2), as well as the basic tools and techniques of wireless hacking.

To study for this portion of the exam, make sure to read:

14. Web App & Server Hacking - 10%

The key things to study here are BeEF and my web app hacking series. Although the web app hacking series is far from complete (as are all my series), you will only need to understand the basics for this exam that are covered in these articles.

Getting Ready to Become a Certified Hacker!

More advanced subject areas such as mobile hacking, Metasploit hacking, exploit development, and scripting will not be on the CWA exam, but will appear on the more advanced CWE and CWP, where the certification will require the completion of a hacking lab to show proficiency with tools and concepts.

Remember that this exam will only cover concepts and tools covered here on Null Byte, so no need to buy outside books and classes. If it is not on Null Byte, it will not be covered on the exam. Also, please remember that if you can't find an article, type the keywords in the search box up top. In addition, take a look at my article, "How to Use Null Byte to Study to Become a Professional Hacker," for some guidance on what to read and study.

You can expect the exam to be ready in either December or January, and that means plenty of time to study so that you can be among the first to be certified as a White Hat Hacker Associate!

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.


Awesome article, thanks master!

Fantastic, can't wait.

Really great stuff OTW, can't wait to pass the cert :)


Wonderful, really looking forward this !

Just to be sure, will people be able to repeat exams they failed?
Or is it a one time chance? Both ways have their advantages and disadvantages.

You will be able to repeat the exam should you not get a passing score.

Is there an age limit? Also, how is the test to be taken?

No age limit and the test will be administered online. You should consider it, Alan.

hello,can you tell me please about the CWE certification,or CWP but is not available at the moment how far as i can see.Are widely recognized like the OSCP.I would be glad if you can tell me more about it.Thank you.i hope here from you soon.

Hi Sir OTW, this question of mine is completely irrelevant to this post. Anyway according to your series "Hack Like a Pro: How to spy on Anyone", is there a way to make a logo/image appear on victims monitor (like in the movies)?

(I know this question's a bit stupid, sorry)

Can you do an article for that for the next part of your series, "Hack Like a Pro: How to spy on Anyone"?

that is sick...nice +1

what is fee for CWA exam.... where is the centers for this exam or i can give it from home???

Hello secret king,

I read that the examination for the CWA will be a 100-question, multiple choice test taken ONLINE. I myself, am unsure of fee for the examination, however, I am willing to wager it will be well in the range of your budget.

How does one sign up for the exam? And can it be taken on any country? Not that I am really considering taking it.

Only those who take the exam will have the questions, just like any other certification exam. If the questions were available to everyone, it would compromise the integrity of the exam and the certification. I'm sure you understand.

As for the fees, they will go to the WhiteHat Hacker certification body that will make the exams, give the exams and promote the certification.

There are hundreds of practice exams for CEH online.

Do we have to do it in a specific place?

No. It will all be online.

We can do it from home?

I was hoping for that, since I don't think I'd be able to do it otherwise, as I live in Brazil and in a city not so important.

Thanks, OTW.

question, assume i paid fee. Gave exam and failed. Then re exam on same fee or what ?....

exam time will be fixed for all attendee or any time during a day ?

Thank OTW so much, It helps me a lot. I know what i need to learn!

so when is the exam coming?
hacked by Mr_Nakup3nda

Good question!

I'm expecting to have everything ready in a few weeks. Probably early February.

nice ,i will definitely get this exam...
Hacked by Mr_Nakup3nda

Thanks OTW for all the wonderful tutorials. May I ask if the exam is available and if so, can you please provide the registration link?

I'm sorry to say I have not finished work on these certifications. I've been working on several large security projects and my spare time has been limited.

FYI, the exam and certification will cost $129.

The knowledge and guidance that you've shared is far more valuable than the fee. Thanks again and looking forward to it.

Thanks. I'm glad you appreciate what we have created here on Null Byte!

Such a great article. from zero knowledge ill try to study every article on this website. thanks! :)

Where i can do the exam cwa....?

How do you practice all of these sections without actually doing anything illegal? i.e running the hack in the entirety but against a virtual machine

i can't sign up to get the cert, it keeps saying this when i put my details in.(have removed them for the screenshot.

I've been reading your lectures for a couple of months now and I just wanted to say hi to the community and also congratulate you in your effort to share all this great knowledge with us.

I always wanted to learn about cyber-security and hacking and this is a great place to start.
Thanks OTW!

Also i would like to ask: Can I still apply to do the CWA certification? and if so where can I find the link to do so?

My dear friends I love and hug you all!
Thank you for sharing all the information and knowledge with respect and love that you all share!
Hacking is all I have and I'm passioned about it its the most interesting and exciting thing in the world!
I would choose hacking if my gf told me: Neither me or hacking? - hacking shure! :D

Hi I just want to start from the scratch is this bundle will help me to start with and I am 40 but I have intrest to improve my earnings by studying this.. will it help full for me advice me pls

Share Your Thoughts

  • Hot
  • Latest