Introduction

Around a month ago, I was looking for my next “hacking” certification. Up to this point, I’ve achieved the CEH, OSCP, OSWP, and Pentest+ (beta), in that order. I was specifically looking for web application, reverse engineering, and advanced penetration testing certifications that were relatively up to date as I felt that I needed deeper knowledge in these fields. I considered taking SANS courses as they do cover all of those topics, but I’m too poor for SANS courses, so those were quickly eliminated. For reference, the price of one SANS certification would be more than multiple trainings offered by most companies, in my experience.

Through asking around and reading reviews, I was recommended eLearnSecurity (ELS) by multiple people. I had heard of ELS in the past as many students use their junior pentesting courses to prep for the OSCP, but I was not aware of the breadth of courses that they offered. After browsing their site and reading reviews, it appeared that they met the main criteria I was looking for in terms of topics covered and having real-world exams. Another important aspect I researched was how well these certifications were known by the industry. A quick search of LinkedIn and Indeed for “eWPT” (their web application certification) and “eWPTX” (their advanced web application certification) yielded quite a few job results. The advanced penetration testing (eCPTX) yielded one result and the reverse engineering certification (eCRE) yielded none. So, it appeared that they were industry known in some aspects and not so much in others.

I decided to pull the trigger and purchase four courses at once. I did this because there was a significant discount offered as you bundled courses. All in all, I spent around $4,400, or $1,100 average per course, for the following:

Web Application Penetration Testing v3 Full (link)

Web Application Penetration Testing Extreme v1 Full (link)

Penetration Testing Extreme v1 Elite (link)

Advanced Reverse Engineering of Software v1 Elite (link)

Given this purchase, I intend to review each of these courses and their certification process. As of today, I have completed the Web Application Penetration Testing (WAPT) course and earned the eWPT certification. So, let’s begin part 1: reviewing eLearnSecurity’s WAPT.

The eLearnSecurity Platform

When I signed up for the ELS courses, I received my registration e-mail and was taken to their members area. Here is a screenshot of what that looks like:

As you can see, the platform is pretty intuitive. You have individual boxes you click on that contain your coursework. There are also links on the side that easily take you to your labs, your exam registration, the forum, and your certifications as you earn them. Let’s dive into the course:

When you’re taken to the course screen, you can view your overall module and lab progress as well as your individual progress on each module. As you can see, there are 15 modules and 18 labs, which I did not complete all of, but we’ll get into that later. The page also includes the “study” button, which takes you to your learning module and videos (if there are any). You have the option to download the PDF version of the modules if you purchase the elite version of the course (I did not). Now, let’s take a look at clicking on the study button:

When you click on study, you’re taken to a module area, similar to what you see above. Everything is incredibly intuitive and breaks down into an interactive PowerPoint of sorts. Once you’re through with the module, you just exit out and check your check mark on the previous page. It’s that straightforward.

On to the rest of the platform. Here is the labs page, which is very similar to the course module page:

As you can see, you get a lab manual and a “start” button. The start button activates the labs and gives you a VPN key to download and login with. This allows ELS to track the amount of time you have spent on each lab as the courses have lab time limitations. For the full version of WAPT, I received 60 hours. The elite version of WAPT is 120 hours. Depending on your experience in the topic beforehand, the full or elite may suit you better. Again, very straightforward and intuitive.

The exam process is also incredibly intuitive. Let’s take a look at the exam page

As you can see above, the exam page has your exams ready for all of your courses. You literally navigate to the course exam you want to take and you click “Begin Certification Process”. Your exam starts right then and there. It’s that easy.

Lastly, I’d like to give a shout out to the forums. While I only had to use them once, I received a pretty prompt and friendly response from the ELS admins. I think they are a great additional resource provided and allow you to interact with other students going through the course.

Overall, the platform is super intuitive and straightforward. You can get to where you want to be in just a few clicks and the layout is very user friendly. I love the fact that starting your coursework and exam is so instant. I also just enjoy the look and feel of the whole thing. It feels very professional and well done.

The WAPT Course & Exam

The WAPT course was pretty fantastic. As you may have noticed earlier, I did not complete all of the modules or the labs before attempting my exam. Going into this course, I felt generally confident in a lot of the topics covered, but there were still some knowledge gaps. Thus, I believe I had a leg up and did not have to spend as much time in the labs as others might. I truly believe that a web app beginner may need the full 60 hours of lab time to feel comfortable before their exam. While I did not check the “completed” box for everything, I did review every lab manual (and solution) and saw enough of the modules to give an overall honest opinion.

Instead of covering what is included in the course (you can find that here), I’d like to talk about what specifics I enjoyed or didn’t enjoy about the course. Let’s talk about the pros first:

My biggest praise for WAPT is that it not only teaches you the attack, but it shows you the code behind the misconfiguration, and teaches you how to mitigate those attacks. You learn the red, blue, and development side all at once. While there may be courses out there like this, I have never encountered them. Going into this certification, I was pretty well versed on common web application exploits, but getting to see why they occur and how you can stop an attacker like me in my tracks was incredibly useful. Especially so for those that are in consulting. This type of training would be useful not only for red teamers, but for blue teamers and developers as well.

My second biggest praise for WAPT is that it teaches you how to report. Reporting is half of the work when it comes to penetration testing and certifications tend to gloss over it. Not ELS. The first chapter covers the importance of reporting and even touches on documents such as Rules of Engagement, Non-Disclosure Agreements, and more. It really gives insight to the amount of paperwork involved during a penetration test, especially for those trying to break into the field. On the reporting side, ELS provides a reporting guide that is incredibly detailed. It is not “here’s a sample report, just replace what you see”, but instead it’s a guideline of what should be included in a report, in what order, and why. Similar to the mitigation teachings noted in the last paragraph, I’ve never seen a certification company go into this much detail on the topic of reporting. Bravo.

Lastly, I’d like to group some of the small pros into their own paragraph. In terms of the exam, I enjoyed how easy it was to begin the exam. It literally began when I hit “begin certification process”. The exam was also no walk in the park and for a practical exam, it did a great job. You have to dig deep if you want to gain admin and you really have to know the course materials to do so. High praise also goes to the certification reviewers. I had my report and certification back in four hours, which is incredibly impressive. Again, I’d like to note that admins also responded quickly and pleasantly when I had a technical issue.

On to the cons. I will admit that most of these are nit-picky, but I feel like I should still voice my opinion on them. My biggest con was the way the labs are done. As mentioned earlier, you have to download an individual VPN key every time you start a lab. Again, this is so ELS can track how much time you’re spending in the labs. Where the con comes in is that you are forced to update your DNS settings in order to resolve their lab sites. Meaning, you have to download the key, connect to the VPN, change your DNS, do your lab, change your DNS back, and then stop your lab/timer. It’s a tedious process that becomes annoying, especially if the connection drops in which case you have to switch your DNS, try to reconnect to your VPN, and switch back again. During my exam, I lost connection several times, for no apparent reason, and lost progress on scans a couple of times because of it. It would almost be better to be given an IP address to attack during labs instead of doing name resolution.

The last con I’m indifferent about. It also has to deal with the labs. On an overall front, I thought that the labs were pretty great and informative. There were detailed solutions provided and even challenge labs that offered no solution, just your brain and your tools to figure it out. However, some labs felt skimped on. For example, the Flash lab just has you follow along with the course video and doesn’t provide any problem sets or challenges. Again, it’s nit-picky, but I wouldn’t call that a lab.

I’d love to see an unlimited lab environment in the future that allows students to connect via a VPN and have access to everything all at once. Since students can follow most videos in the lab environment, it would save quite a bit of time from having to download a new key and changing DNS settings for every module. I understand the pricing model revolves around lab time, so I do not expect this change and if this is my only complaint ever about ELS courses, I will remain very happy

Conclusion

Overall, I would highly recommend the WAPT course to anyone who asks me about it. I believe the modules taught are incredibly thoughtful, going deep into current web exploits, their flaws, and how to remediate them. Again, I am also incredibly impressed by the detail of the reporting guide, the ease of the platform, the real-world feel of the exam, and the quick grading and customer service from ELS. My experience has been nothing but pleasant thus far.

At $1,200 for the full version of this course and certification, I rate it as worth it. It will absolutely take a student from no knowledge to atleast a junior web penetration tester level and provide them with a certification that is showing up repeatedly on job boards. If you’re considering the course, go for it!

Wanna chat? Add me on Twitter, YouTube or LinkedIn!

Veteran? Join our Slack!