Well, as it has come up a few times, I’ve finally decided to do a comparison of the eCPPT vs OSCP certifications and courses.
- More teaching oriented labs
- Slightly more realistic exam/report
- Very helpful admins
- Important Web App vulns covered (CSRF, XSS, etc.)
- Cheaper (generally)
- Not as much industry recognition
- Obviously still some QA improvements to be made
- Easier to drag it out with extensions
- Only slides, no PDF for course material
- Industry recognition
- Awesome lab environment
- More emphasis on self learning
- PDF and videos for course material
- Wide variety of machines, exploits, and vulnerabilities
- Can be difficult and frustrating at times
- More emphasis on self learning (yup, both a pro and a con)
- Generally less helpful admins (regarding the coursework)
- Videos and PDF mostly repeat the same information
- DIY labs/lab environment
While they both have their pros and cons, I’d say that it depends on your financial, career, and personal situation as far as to what you should do.
If you plan on doing both eventually, then I definitely recommend starting with the eCPPT then moving on to the OSCP.
If you want to get into Penetration Testing as soon as possible, and can only get one, then I’d recommend the OSCP.
If you are already in Penetration Testing, and just want to brush up, then I’d recommend the OSCP.
If you are new to the field entirely, then I’d recommend the eCPPT (at least to see if you are still interested).
That said, they say a picture says a thousand words, so here is a picture of the cert that I actually have framed.
Even though my OSCP is the one framed, and the one that I’m slightly biased towards, I still think eLearnSecurity is a great company, and I hope that they get a bit more industry recognition in the coming years.
I am myself torn between doing the eLearn 4 in a box bundle (WAPT, WAPTX, MASPT, and ARES) vs. the OSCE next. If work is paying for it, then I will do the eLearn first since it costs more, but if not, I will probably start with the OSCE and go from there.
One last thing that I like about eLearn is their number of online course offerings. When it comes to Offensive Security, the only choices are the OSCP, OSCE, and WiFu. eLearnSecurity at least lets you pick from the eCPPT, eCRE, eJPT, eMAPT, eNDP, eWDP, eWPT, and eWPTX.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.