eCPPT vs OSCP Certifications

Well, as it has come up a few times, I’ve finally decided to do a comparison of the eCPPT vs OSCP certifications and courses.

While the eCPPT and OSCP are both penetration testing certifications, they differ a bit with their as the course material, labs, support, and exams.

eCPPT

Pros

  • More teaching oriented labs
  • Slightly more realistic exam/report
  • Very helpful admins
  • Important Web App vulns covered (CSRF, XSS, etc.)
  • Cheaper (generally)

Cons

  • Not as much industry recognition
  • Obviously still some QA improvements to be made
  • Easier to drag it out with extensions
  • Only slides, no PDF for course material

OSCP

Pros

  • Industry recognition
  • Awesome lab environment
  • More emphasis on self learning
  • PDF and videos for course material
  • Wide variety of machines, exploits, and vulnerabilities

Cons

  • Can be difficult and frustrating at times
  • More emphasis on self learning (yup, both a pro and a con)
  • Generally less helpful admins (regarding the coursework)
  • Videos and PDF mostly repeat the same information
  • DIY labs/lab environment

While they both have their pros and cons, I’d say that it depends on your financial, career, and personal situation as far as to what you should do.

If you plan on doing both eventually, then I definitely recommend starting with the eCPPT then moving on to the OSCP.

If you want to get into Penetration Testing as soon as possible, and can only get one, then I’d recommend the OSCP.

If you are already in Penetration Testing, and just want to brush up, then I’d recommend the OSCP.

If you are new to the field entirely, then I’d recommend the eCPPT (at least to see if you are still interested).

That said, they say a picture says a thousand words, so here is a picture of the cert that I actually have framed.

eCPPT vs OSCP - Framed OSCP

Even though my OSCP is the one framed, and the one that I’m slightly biased towards, I still think eLearnSecurity is a great company, and I hope that they get a bit more industry recognition in the coming years.

I am myself torn between doing the eLearn 4 in a box bundle (WAPT, WAPTX, MASPT, and ARES) vs. the OSCE next. If work is paying for it, then I will do the eLearn first since it costs more, but if not, I will probably start with the OSCE and go from there.

One last thing that I like about eLearn is their number of online course offerings. When it comes to Offensive Security, the only choices are the OSCP, OSCE, and WiFu. eLearnSecurity at least lets you pick from the eCPPT, eCRE, eJPT, eMAPT, eNDP, eWDP, eWPT, and eWPTX.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.

6 Comments

Filed under Security Not Included

6 Responses to eCPPT vs OSCP Certifications

  1. jack

    Hi Ray,

    I really appreciated your analysis and comparison between the two certificates.
    I’m still actually thinking about what to do and which certificate to get.
    I don’t have any certificates yet. I heard about CEH (for starting?), Security+ and many others. Then I read (and I’m still reading) about OSCP and eCPPT.
    I am really into IT security and I’ve read some books, forums, websites and so on. I can’t tell you which my level is.
    Would you go for CEH and then think about OSCP/eCPPT or would you rather skip the first step going straight to OSCP/eCCPT?
    Any other thought / suggestion on my situation will be appreaciated.
    Thanks in advance!

    • Hi Jack,

      Glad that you found it informative, and hopefully I can provide you with some suggestions or direction.

      As far as CEH is concerned, I wouldn’t say that it is terribly useful at this time. It is mostly a tool based, regurgitation exam that will only help with HR filters or DoD 8140.

      If you aren’t quite sure what your level is, then I’d probably start with the eLearnSecurity courses. They are a bit less self directed, and the labs are more straightforward. You will be able to improve your methodology and thought process a bit before being thrown into the OSCP.

      If you aren’t fully confident in your abilities, but you definitely want to try a Penetration Testing certification, then you could also try the Penetration Testing Student course. This should be even lower level than the eCPPT, which would then let you decide if you want to go into Penetration Testing and what to try next (though PTS -> eCPPT -> OSCP is a nice and linear growth).

      Let me know if you have any other questions or issues, or if you want other suggestions or ideas (for self learning, etc.)!

      • jack

        Hey Doyler,

        thanks for answering to me so fast and for all the information you gave to me.

        I will definitely look at the PTS and see if it fits better to me.
        Just to be clear, I don’t do this as my job (even if I’ve done my master thesis on web security) but there is a possibility that my company will pay for the courses/exams.
        From what I can see, I already have much of the knowledge of PTS, so maybe I could look directly at eCPPT.

        I know this is a difficult question to answer because it depends on tons of aspects, but would you be able to give me an idea of how much time will require to me to prepare an exam like eCPPT? The thing is that I am gonna ask my company time for studying and preparing that exam but I have no idea how much time it will take to me.

        I would also appreciate if you could give me some hints for self learning, like you said. I like cybrary.it and null-byte.wonderhowto.com. What do you think about those two? Do you have any other? Would you suggest me some great book to read?

        Thanks very much, again!

  2. Fabio Baroni

    I agree with your review. Just a quick note: the barebone plan doesn’t include pdf (only slides) but the full and elite plans do include pdf.

    • Ah yea, good point, and thanks for that Fabio. Back when I signed up there wasn’t the option for the barebones plan. That said, I actually ended up using the slides more than anything else.

  3. Pingback: Homepage

Leave a Reply

Your email address will not be published. Required fields are marked *

*