WAPT before eCPPT?

Hi all,

This one is mainly for pentesters.

I've recently passed the eJPT exam and had good fun actually getting some hands-on security experience and developing new skills.

I'm interested in taking further courses at eLearnSecurity, such as the WAPT and eCPPT.

There may be a need at my current employer for web application penetration testing. So, my question is, does anyone feel that the network side to penetration testing is a prerequisite for we application penetration testing?

I'm thinking of jumping into the WAPT course as I meet the recommended prerequisites:

Basic understanding of HTML, HTTP and Javascript.
Reading and understanding PHP code will help although it is not mandatory.
No web development skills required.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

airzero

I'm not a web application tester but I have taken both of the eLearnSecurity courses and I can say that they are very different from each other. It really is a good idea to know the basics of all kinds of testing to be a good pentester and then focus in on your specialty, I think most people start with networking testing as it's the traditional role but it's by no means a requirement.

As for the courses, if your looking to get into web app testing, then go with the WAPT course. While it is pretty basic and doesn't dive too deep into things, it still covers a lot of necessary fundamentals and will be important to understand. It's also exclusively focused on web apps and will build you from the ground up for that specific type of testing. I recommend the course if you haven't done much with web apps before as I didn't.

The PTP course for the eCPPT certification is more of a general pen testing course and covers network, simple web app, and basic buffer overflow testing. It's a well rounded course that builds well from where eJPT left off. The web apps stuff is quite basic however and you would learn much more about them from the WAPT course.

Really both courses teach you the basic methodology for conducting penetration tests and where to get started. If you really want to get into web application testing, I'd suggest the WAPT course and then do the OSCP later on if you would like to learn network testing. Just know that you will still need to do a lot more research and practice in home labs to really learn techniques, I'd suggest trying out DVWA, Multidae, and OWASP Juice Shop for a home lab. You may also want to look into pentesterlabs, I've heard nothing but good things about their web app training.

ansionnachcliste

A very awesome reply, thank you.

I've opted to go for the WAPT course as it currently suits my job requirements. I think the OSCP after this would be suitable, rather than eCPPT.

Great advice and guidance.

tedjames

They're offering both WAPT and PTP as a package deal for $1999 until April 30.

https://www.elearnsecurity.com/landing/the_elite_pentester_bundle

That said, I'm thinking about just purchasing WAPT now (in case the price goes up) and saving it for when I pass CISSP (not enough time to do both at the same time), even though the bundle is the better deal. I don't want to have such a huge backlog of training.