Certification path to web application penetration testing

Zaraki Posts: 5 Member ■□□□□□□□□□
I have already taken CompTIA Security+ and CCNA, and I have some experience with SQL and PHP.
Should I now take CEH, RHCE or CPTE to start on the right road to being a professional website pentester?
And what is the best certificate nowadays in web application penetration testing? OSCP?
And sorry for my bad English.
Thx anyway. :D

Comments

  • lucky0977 Posts: 157 Member ■■□□□□□□□□
    I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on YouTube trying to follow those examples.

    Personally I have a hard time retaining information long term so I prefer to take baby steps.
    CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

    You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    OS Certifications: MCSA: Windows 8.1 | Windows Server 2012
  • Mike7 Posts: 1,060 Member ■■■■□□□□□□
    Suggest you check web pentester job postings in your area to see what is in demand.
    OSCP is not an easy exam so you may want to start with another certification first.
  • 636-555-3226 Posts: 976 Member
    What's your web background? Do you have any web coding experience? That's a HUGE help for web app pen testing.
  • jamesleecoleman Posts: 1,899 Member
    Check out eLearnSecurity.
    https://www.elearnsecurity.com/course/
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Zaraki Posts: 5 Member ■□□□□□□□□□
    lucky0977 wrote: »
    I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on YouTube trying to follow those examples.

    Personally I have a hard time retaining information long term so I prefer to take baby steps.
    CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

    You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.

    Thank you for your reply.
    I think you mean OSWE; of course I want to take this certificate.
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.
    And what about MCITP and RHCE?
    Unfortunately eLearnSecurity doesn't have training centers in the Middle East.
  • Zaraki Posts: 5 Member ■□□□□□□□□□
    Mike7 wrote: »
    Suggest you check web pentester job postings in your area to see what is in demand.
    OSCP is not an easy exam so you may want to start with another certification first.

    Thank you also for your reply.
    So what certification do you recommend me to take first OSWE?
  • Zaraki Posts: 5 Member ■□□□□□□□□□
    Zaraki wrote: »
    Thank you also for your reply.
    So what certification do you recommend me to take first OSWE?
    before*
  • Zaraki Posts: 5 Member ■□□□□□□□□□
    Check out eLearnSecurity.
    https://www.elearnsecurity.com/course/

    Unfortunately eLearn doesn't have training centers in the Middle East.
  • xxxkaliboyxxx Posts: 466 Member
    Zaraki wrote: »
    Unfortunately eLearn doesn't have training centers in the Middle East.

    It's all online. Courses are taught through slides, videos and online labs that you connect to through SSH.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • Mike7 Posts: 1,060 Member ■■■■□□□□□□
    Zaraki wrote: »
    Thank you also for your reply.
    So what certification do you recommend me to take first OSWE?

    Not familiar with the Middle East. Have you looked at web pen tester job postings in your area? What certifications, if any, are they asking for?
  • lucky0977 Posts: 157 Member ■■□□□□□□□□
    Zaraki wrote: »
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.

    I took the CEH and was disappointed as you spend the majority of your time reading instead of getting practical experience and it's very expensive if you have to pay for the lab fees which are not even that great. The reason it's talked about so much is because it's a requirement if you want a job in the US Government.

    Like the others have said before, the eLearnSecurity courses are far superior and will be done completely online. The course content, including the labs, is impressive and will not destroy your wallet.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    OS Certifications: MCSA: Windows 8.1 | Windows Server 2012
  • lucky0977 Posts: 157 Member ■■□□□□□□□□
    Zaraki wrote: »
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?

    You could be skilled in absorbing information quickly, but unfortunately for me, I need to take things at a slower pace.
    My learning style is probably a lot different from yours but I'll offer the path that I have taken so far.

    CEH --> eJPT --> eCPPT (Currently enrolled)
    (Future plans) --> OSCP --> GPEN
    Bachelor of Science: Computer Science | Hawaii Pacific University
    OS Certifications: MCSA: Windows 8.1 | Windows Server 2012
  • MrAgent Posts: 1,301 Member
    Zaraki wrote: »
    Thank you for your reply.
    I think you mean OSWE; of course I want to take this certificate.
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.
    And what about MCITP and RHCE?
    Unfortunately eLearnSecurity doesn't have training centers in the Middle East.


    Pretty sure they meant OSWP. You cannot just go and take OSWE. You have to take the AWAE course from Offensive Security, which is currently only offered in person, once a year in Las Vegas.