Welcome to another branch of my cybersecurity path!
Today I want to tell you about my Cyber Security #certification plans, related to eLearnSecurity courses!
I’ve enrolled for: The Penetration Testing Student (PTS) course and Web Application Penetration Testing course…
Why eLearnSecurity courses? Before my current work I wanted to work as a penetration tester. I was bumping from one interview to another and listen to many contrasting opinions about ideal candidate ( to be honest with you: I wasn’t one).
So listening between “learn how to use Burp” and “do not use Burp, you don’t need this” (I do learn how to use Burp e.g. in #JuiceShop) or “do some hands-on certification” vs “certificates are pointless” I asked a question: What certification is hands-on enough?
After my private research, I’ve learned that:
- CEH (Certified Ethical Hacker) is well recognized, but based only on multiple-choice question,
- Same as CISSP (Certified Information Systems Security Professional) – the widest and well-known one,
- OSCP (Offensive Security Certified Professional) is well known and hands-on but not entry-level (as far as I’m concered it is hard, but desired by employers),
- eLearnSecurity certificates includes course+exam as a package.
So, my plan is to check eLearnSecurity certification and then, maybe in the future after finishing #JuiceShop and some solving some #HackTheBox puzzles I’ll try to obtain OSCP.
Why? What for?
While I’m keen to learn, I want my certificates to be hands-on to enrich my knowledge and I’m willing to gain new skills. (perfect answer during an interview :D)
Of course it would be much easier to remain buried in the books whole weekend and get CEH or Security+, Pentest+ or even some GIAC certs like GPEN or GWAPT and then enlarge my LinkedIn profile with pipes: Name Nickn@me Surname | CISSP| Multiple-Choice1 | MultipleChoice2 | MultipleChoice3 … but it’s not my goal for the time being.
And of course, I envy those guys and girls, probably I’ll join them in the future, but I would like to start my | … with something practical.
Will whole weekend be enough to learn to get CEH or different certificates?
In my opinion – yes. You can find question banks, question dumps and so on for all multiple-choices cybersecurity certificates (CISSP included).
I’ve tried this kind of learning for CEH and I can assure you, that it’s possible to learn answers in one weekend 😉 (not sure if worth it), especially if you have e.g. platforms like O’Reily, where you can find this multiple choice quizzes.
Anyway, I’ll probably try passing CEH (not only basing on question banks) in the future, but let’s leave it for now and get back to eLearnSecurity.
When I was discovering wide selection of eLearnSecurity courses I was flabbergasted how big their offer is. The offer is grouped in paths (3 courses each) related to the cybersecurity side: blue or red team:
- Blue Team:
- Enterprise Defender,
- Incident Reponsder
- Red Team:
- Network Penetration Tester
- Web Application Pentester
- Advanced Pentester
- And one special one for Purple Team 🙂
I think it is interesting and shows that the courses can be combined to gain dedicated part of knowledge and can be an asset while looking for cybersecurity profession.
Both courses are consisting of self-paced materials (slides 📖 and videos 🎬) and practical labs 🔬. The end of the course is related to passing hands on exam with certification. I think that’s more interesting and self-teaching oriented. Let’s discuss their content (based on eLS page).
Penetration Testing Student (PTS) with eJPT (Junior Penetration Tester exam)
This one is for absolute beginners in IT Security. They do not require any pre-requisites beside basics of computing and computer science, I do not consider myself as “absolute beginner” but I wanted to sniff each other with the platform and also PTS is first step in two red team paths: Web Application Pentester and Network Penetration Tester. I’ve thought it’s going to be a good departure point and also good start to familiarize with this kind of ‘online exams’.
Syllabus is divided into 3 chapters: Prerequisites (4 modules), Programming (4 modules) and Penetration Testing (7 modules).
I don’t want to describe all of them here, because I’m planning to write different articles about my impressions about the courses.
19 labs related to the course covers topics related to the modules and also includes 3 different Black-Box Penetration Tests – and I think some part of it is going to be very useful during exam.
Also, obtaining the eJPT certification qualifies for 40 CPE
Web Application Penetration Testing with eWPT (Web Penetration Tester)
WAPT is more advanced course, which is described as “start from the very basics, all the way to advanced post-exploitation activities” and it covers such topics as: OWASP’s TOP 10, Burp, XSS & SQL Injection and lot of different activities. We are promised that “(course) makes you a proficient professional web application pentester” and that is something I was looking for 😊
This one includes 75+ labs divided into 19 categories (such as SQL Injection, XSS, Flash security, XPath, exploiting WordPress, etc.)
Pre-requisites are simple again, e.g.: basic understanding of HTML, HTTP and JavaScipt, reading and understanding PHP (which is helpful but not mandatory).
Both courses sound interesting, but they are not the cheapest.
I’ve bought them by myself as an individual, and always they are 3 plans:
- Barebone – with no access to labs, without exam and certification voucher and without video training materials,
- Full – Much richer than Barebone, with access to labs (but for limited time), final exam, certification voucher and eCertificate,
- Elite – with the longest access time to labs (twice the Full time), downloadable training materials, mobile access for mobiles and infinity certification voucher.
Net prices below:
|Barebone||Invite only (free)||999$|
PTS course is an exception in eLearnSecurity, while It’s cheap it is impossible to pay in installments. Rest of the certificates came with installment plans (divided by 3 installments, paid each following mont).
Keep in mind that if you are not US tax resident (which I’m not) you have to add VAT tax.
Happily, eLearnSecurity offers discounts if you buy courses in bundles and also offers some discount codes or limited-time offers from time to time on their LinkedIn page.
I would like to continue my websec journey with #JuiceShop and still describe it here, but it’ll be less intensive.
Then I would like to add some articles about obtaining eJPT / eWAPT (without spoliers) and you will find them here:
- To Be Continued
And that’s it for today 😊 I’m going to my course list and follow my Training Paths! 😊
If you have any questions do not hesitate to contact me!
- eLearnSecurity courses page
- eLearnSecurity training paths
- OSCP page (Offensive Security Certified Professional)
- CEH page (Certified Ethical Hacker)
- CISSP page (Certified Information Systems Security Professional)