certification path to web application penetration testing

Zaraki Member Posts: 5 ■□□□□□□□□□
I have already taken CompTIA Security+ and CCNA, and I have some experience with SQL and PHP.
Should I now take CEH or RHCE or CPTE to start on the right road to being a professional website pentester?
And what is the best certificate nowadays in web application penetration testing? OSCP?
And sorry for my bad English.
Thx anyway. :D

Comments

  • lucky0977 Member Posts: 218 ■■■■□□□□□□
    I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on YouTube trying to follow those examples.

    Personally I have a hard time retaining information long term so I prefer to take baby steps.
    CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

    You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Suggest you check web pentester job postings in your area to see what is in demand.
    OSCP is not an easy exam so you may want to start with another certification first.
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    What's your web background? Do you have any web coding experience? That's a HUGE help for web app pen testing.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Check out eLearnSecurity.
    https://www.elearnsecurity.com/course/
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Zaraki Member Posts: 5 ■□□□□□□□□□
    lucky0977 wrote: »
    I think all of the training programs offered by Offensive Security (OSCP, OSWP) are probably the best you can get right now. You can do it that way or do it the cheap way and spend countless hours on YouTube trying to follow those examples.

    Personally I have a hard time retaining information long term so I prefer to take baby steps.
    CEH --> eJPT and currently enrolled in eCPPT with the ultimate goal of attaining the OSCP and GPEN.

    You're asking about strictly pentesting websites though. I think Offensive Security has a course and certification that deals only with that but you should go visit their site to see what they have to offer.

    Thank you for your reply.
    I think you mean OSWE; of course I want to take this certificate.
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.
    And what about MCITP and RHCE?
    Unfortunately, eLearnSecurity doesn't have training centers in the Middle East.
  • Zaraki Member Posts: 5 ■□□□□□□□□□
    Mike7 wrote: »
    Suggest you check web pentester job postings in your area to see what is in demand.
    OSCP is not an easy exam so you may want to start with another certification first.

    Thank you also for your reply.
    So what certification do you recommend I take first OSWE?
  • Zaraki Member Posts: 5 ■□□□□□□□□□
    Zaraki wrote: »
    Thank you also for your reply.
    So what certification do you recommend I take first OSWE?
    before*
  • Zaraki Member Posts: 5 ■□□□□□□□□□


    Unfortunately, elearn doesn't have training centers in the Middle East.
  • xxxkaliboyxxx Member Posts: 466
    Zaraki wrote: »
    Unfortunately, elearn doesn't have training centers in the Middle East.

    It's all online. Courses are taught through slides, videos and online labs that you connect to through SSH.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • Mike7 Member Posts: 1,107 ■■■■□□□□□□
    Zaraki wrote: »
    Thank you also for your reply.
    So what certification do you recommend I take first OSWE?

    Not familiar with the Middle East. Have you looked at web pen tester job postings in your area? What certifications, if any, are they asking for?
  • lucky0977 Member Posts: 218 ■■■■□□□□□□
    Zaraki wrote: »
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.

    I took the CEH and was disappointed as you spend the majority of your time reading instead of getting practical experience and it's very expensive if you have to pay for the lab fees which are not even that great. The reason it's talked about so much is because it's a requirement if you want a job in the US Government.

    Like the others have said before, the eLearnSecurity courses are far superior and will be done completely online. The course content, including the labs, is impressive and will not destroy your wallet.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • lucky0977 Member Posts: 218 ■■■■□□□□□□
    Zaraki wrote: »
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?

    You could be skilled in absorbing information quickly, but unfortunately for me, I need to take things at a slower pace.
    My learning style is probably a lot different from yours but I'll offer the path that I have taken so far.

    CEH --> eJPT --> eCPPT (Currently enrolled)
    (Future plans) --> OSCP --> GPEN
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • MrAgent Member Posts: 1,310 ■■■■■■■■□□
    Zaraki wrote: »
    Thank you for your reply.
    I think you mean OSWE; of course I want to take this certificate.
    But how do I start preparing for this certificate? I mean, what is the best certificate to take before OSWE?
    Do you think CEH will help me with that? Some people told me CEH has poor and weak content.
    And what about MCITP and RHCE?
    Unfortunately, eLearnSecurity doesn't have training centers in the Middle East.


    Pretty sure they meant OSWP. You cannot just go and take OSWE. You have to take the AWAE course from Offensive Security, which is currently only offered in person, once a year in Las Vegas.