eCCPT after OSCP?

Hi all -

I have my OSCP and just passed the eLearn security eWAPT. I also hold CISSP, CISA and PMP from a past life.

I am a web application pentester and do some network pentest work as well.

Having my OSCP already is it worth sitting for the eCPPT exam or would it be redundant and/or a step down?

Any thoughts on what the logical next move would be?

Thanks.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

xXxKrisxXx

Hello,

Having done both, if you have passed the OSCP Examination, not only would the material be redundant, but you would be able to pass the eCPPT exam as well. Congratulations on earning the eWPT (be sure to update your certifications). Logically your next move would be to move onto a more Advanced Web Application Attack course (such as SEC642, eWPTX, or AWAE) or a more Advanced Network Penetration Testing class (such as SEC660).

neb2886

Thanks for the reply. So perhaps the eCCPT isn't worth my time at this point? I have budget left from my employer for the year.

If I were to take it do you think based on the OSCP I could just purchase the exam voucher and skip the course material?

veritas_libertas

Why not just study for OSCE?

xXxKrisxXx

I recommend purchasing the exam voucher and challenging the exam. The exam is very similar to the OSCP challenge. People love the OSCE and you see it being wanted on job boards but I'm not going to go as far as to recommend it. The course material is from 2009 and they don't plan on updating it. The exploit development material you learn in the course is relevant but OffSec put the more advanced exploit development material into their Advanced Windows Exploitation class. If you have a low amount of training budget left over and want to collect certifications, Pentester Academy has great courses with hands-on exams too.

veritas_libertas

Well that's interesting. I would have assumed they would be keeping it up to date.

xXxKrisxXx

Me too. They keep their other courses up-to-date. I don't know the real reason why they're choosing not to update CTP but I'm assuming it's because the updated material exists inside of AWE and AWAE. When you take CTP, it's not exactly heavy in content like PWK is. You can take a look at the syllabus and see what I mean. It's almost like they made CTP (originally BackTrack to the Max) and decided to stuff the heavier exploit development material into a separate course all together (coming out with OSEE). I e-mailed them back in 2012 with the intent of taking it. They got back to me telling me they don't plan on updating the material and I said to myself it's not worth the money.

Employers still like the OSCE though. They'll be looking for candidates with it for years to come. If you're looking to take your Exploit Development knowledge to the next level and can't afford Advanced Windows Exploitation or a SANS course, Coreland Exploit Development Training all the way!

NovaHax

neb2886 wrote: »

Any thoughts on what the logical next move would be?

Hey...I know this guy

. My vote is eMAPT. But you already heard my opinion on it . Congrats again on the pass

LionelTeo

how about the OSWE for web app testing?
https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/