Skip to main content

HTB Certified Web Exploitation Specialist (HTB CWES) - Review

· 3 min read
Corey Nicholson
Corey Nicholson
Cyber Incident Response | Views Are My Own, Not Employers
note

Starting October 2025, the HTB CBBH became the HTB Certified Web Exploitation Specialist (HTB CWES) certification. Since I already obtained the CBBH (see my full review here), I was automatically upgraded to the CWES certification. Hence, this serves as a revision to my previous review.

In August 2025, Hack The Box (HTB) announced that their Bug Bounty Hunter certification would be overhauled and rebranded as the Certified Web Exploitation Specialist (HTB CWES). While the core curriculum does not appear to have significant changes (beyond 4 modules being added/updated), the rebrand aims to better reflect real-world job roles and the broader scope of modern web application security testing.

Summary CBBH Review:

In my CBBH review from last year, I stated that I would absolutely recommend the course material to anyone wanting to learn web penetration testing. The labs were realistic, platform polished and the coverage of vulnerabilities was both broad and practical. However, I struggled to recommend purchasing the exam and obtaining the full certification. This was due to 2 main concerns:

  1. Recognition - The certification wasn't as widely recognised as other web application penetration testing certifications.
  2. Branding - The name “Bug Bounty” felt limiting, especially for candidates aiming for traditional pentesting or AppSec roles. Despite these concerns I still recommended sitting the exam if you wanted to test your skills in a practical, hands-on assessment.

Has HTB Fixed This?

HTB mentions that the change is to better align the certification with modern jobs roles, and I believe they did this well. It’s too early to tell how widely HTB CWES will appear on job postings, but the name itself is far more professional and transferable than the previous. I expect this change to have a more positive impact on employers views.

Has My Recommendation Changed?

The certification has been renamed, but the core content remains largely the same with the addition of four new modules and several incremental updates and refinements. Because of this, my recommendation has not drastically changed but it has slightly improved.

If you’re looking to learn web exploitation through practice, HTB CWES is an excellent option. The rebrand fixes one of my biggest concerns with the original CBBH, and the added content makes the certification feel more complete.

I would confidently recommend:

  • The course content to anyone pursuing web pentesting or AppSec.
  • The exam and certification to those who value testing their skills practically (and don't mind the cost + lower recognition compared to other certs).

While it may not yet rival the most established web certifications in terms of recognition, HTB CWES is now much better positioned to grow into those roles.

For my full review of CBBH from last year, check out: HTB CBBH Certification (Exam Review).

HTB_Certified_Web_Exploitation_Specialist_(HTB CWES) Certification