question about eCPPT course/exam

Zoovash

For those who took it and without breaking the NDA, can you tell me how much Web Pentesting is involved in the course/exam?
More specifically, Hera Lab is enough to go through the course / pass the exam or do you also recommend buying Coliseum time ?

Thanks!

NovaHax

Can't speak for eCPPT specifically, but I know when I took the eWPT, the provided labs were sufficient...without getting Coliseum time. Remember, you can always choose eLearn's free alternative...hackme .

https://hack.me/

Its just a collection of vulnerable boxes...submitted by security nerds and developers. They haven't been signed off on by some quality assurance guy, but the reviews are usually enough to tell you which one's are worth your time.

Jonnyah

There's a post on the eCPPT forum by one of the admins which states that the easy Coliseum labs are sufficient to pass the eCPPT exam. Having access to the Coliseum labs I can tell you that there are only three easy labs, one Unrestricted File Upload, one hidden directory lab and one XSS lab.
The XSS is extremely basic, involves entering some java script in a search box, the script to use is covered in the course work "<script>alert("XsS")</script>".
The upload lab is a bit more complicated, it involves uploading a php file to a picture upload site, the uploaded php file is then called in order to read the contents of other php files.
The hidden directories lab is fairly easy, it just involves spidering a website and then trying to brute force hidden files using Dirbuster.

You can certainly use hack.me for a XSS lab.

Zoovash

Thank you for your responses!
I'll be enrolling in this course next month and since I'm paying it myself I wanted to make an estimate of how much it will cost me.
It's not fun to put some money apart for training just to discover mid-course you have to spend more than your budget