certification path to web application penetration testing

Zaraki

I have already taken comptia security+ and ccna and i have some experience with sql and php
should now i take ceh or rhce or cpte ? to start the right road to be a professional websites pentester
and what is the best certificate nowadays in web application penetration testing ? oscp ?
and sorry for my bad english
thx anyway .

lucky0977

I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on youtube trying to follow those examples.

Personally I have a hard time retaining information long term so I prefer to take baby steps.
CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.

Mike7

Suggest you check web pentester job postings in your area to see what is in demand.
OSCP is not an easy exam so you may want to start with another certification first.

636-555-3226

What's your web background? Do you have any web coding experience? That's a HUGE help for web app pen testing.

jamesleecoleman

Check out eLearnSecurity.
https://www.elearnsecurity.com/course/

Zaraki

lucky0977 wrote: »

I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on youtube trying to follow those examples.

Personally I have a hard time retaining information long term so I prefer to take baby steps.
CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.

thank you for your reply
I think you mean OSWE , of course i want to take this certificate
but how to start preparing for this certificate ? i mean what the best certificate to take before oswe ?
do you think ceh will help me with that ? some people told me ceh have a poor and weak content
and what about mcitp and rhce ?
unfortunately elearnsecurity dont have training centers in middle east

Zaraki

Mike7 wrote: »

Suggest you check web pentester job postings in your area to see what is in demand.
OSCP is not an easy exam so you may want to start with another certification first.

thank you also for your reply
so what certification you recommend me to take first oswe ?

Zaraki

Zaraki wrote: »

thank you also for your reply
so what certification you recommend me to take first oswe ?

before*

Zaraki

jamesleecoleman wrote: »

Check out eLearnSecurity.
https://www.elearnsecurity.com/course/

unfortunately elearn dont have training centers in middle east

xxxkaliboyxxx

Zaraki wrote: »

unfortunately elearn dont have training centers in middle east

It's all online. Courses are thought through slides, videos and online labs that you connect through SSH

Mike7

Zaraki wrote: »

thank you also for your reply
so what certification you recommend me to take first oswe ?

Not familiar with middle east. Have you looked at web pen tester job postings in your area? What certifications if any are they asking for?

lucky0977

Zaraki wrote: »

do you think ceh will help me with that ? some people told me ceh have a poor and weak content

I took the CEH and was disappointed as you spend the majority of your time reading instead of getting practical experience and it's very expensive if you have to pay for the lab fees which are not even that great. The reason it's talked about so much is because it's a requirement if you want a job in the US Government.

Like the others have said before, the eLearnSecurity courses are far more superior and will be done completely online. The course content, including the labs are impressive and will not destroy your wallet.

lucky0977

Zaraki wrote: »

but how to start preparing for this certificate ? i mean what the best certificate to take before oswe ?

You could be skilled in absorbing information quickly, but unfortunately for me, I need to take things at a slower pace.
My learning style is probably a lot different from yours but i'll offer my path that I have taken so far.

CEH --> eJPT -->eCPPT (Currently enrolled)
(Future plans) --> OSCP --> GPEN

MrAgent

Zaraki wrote: »

thank you for your reply
I think you mean OSWE , of course i want to take this certificate
but how to start preparing for this certificate ? i mean what the best certificate to take before oswe ?
do you think ceh will help me with that ? some people told me ceh have a poor and weak content
and what about mcitp and rhce ?
unfortunately elearnsecurity dont have training centers in middle east

Pretty sure they meant OSWP. You cannot just go and take OSWE. You have to take the AWAE course from Offensive Security, which is currently only offered in person, once a year in Las Vegas.