The World's Premier Online Penetration Testing Course


Features of the Professional Course:

  • Comprehensive and results-based
  • Virtual labs and real-world scenarios that will prove
    you can perform a thorough pentest and produce a commercial-grade report
  • Advance at your own pace
  • Attend from the comfort of your desktop or home
  • Successful completion leads to the prestigious ECPPT certification
  • 4500+ interactive slides
  • 13 hours of video training
  • Network security
  • System security
  • Web application security
  • Wi-Fi security
  • Ruby for Pentesters and Metasploit
  • Hera Lab included
  • Dedicated forums
  • Qualifies you for 40 CPE credits
  • eCPPT Certification
  • Lifetime access to material



New and improved learning material

  • Kali Linux and Metasploit 4.9
  • Advanced and latest techniques covered
  • 14 hours of video training material total
  • New Wi-Fi Section
  • New Ruby for Pentesters and Metasploit section
  • Material available in Flash, HTML5 and PDF
  • Tied to our two labs: Coliseum and Hera

New Hera Virtual Lab

  • Real world scenarios and targets
  • Fully routed networks of computers
  • Dedicated access for each user
  • Windows, Linux, BSD targets
  • Revolutionary On-Demand Model
  • Access in VPN from wherever you are
  • Use your preferred attacker machine




"Read this before signing up for any Penetration Testing Course"


Dear Aspiring Penetration Tester,

With so many penetration testing courses & certifications on the market, how do you make the choice that is right for your unique circumstances?

Let’s face it. Becoming a certified penetration tester is not easy, even with years of experience in general IT security. A good penetration tester needs both “offensive” and “defensive” knowledge about IT security. Unfortunately, conventional IT training only focuses on the more "defensive" aspects.

To make matters more confusing for the beginner, there is no industry standard definition on what it means to be a penetration tester. There is no prescribed course syllabus that one has to go through. This means that someone may be...


"Certified" But Not Proficient
in the Real World!

A Lucrative and Important Job

Penetration testing is big business in today's IT environment. A qualified penetration tester can easily command $15,000 to $45,000 per commercial or government project and/or increase his or her financial package with the current employer! There is also the prestige and perks of being known as a “hacking expert”. The media loves to interview such experts about IT security issues.

However, merely acquiring "certifications" will not turn you into an expert penetration tester overnight. Most commercial penetration testers have years of experience and learned their skills from trial & error. They also have to keep up with the latest hacking techniques, threats and countermeasures.



So the question is: If you don't already have years of experience or the years to learn through trial & error ...

how can you fast-track your way to penetration testing success?

Here are 3 possible options:

  • You can spend time attending "live" classes: This can be difficult if you hold a day job, and can't take time to attend regular lessons. If you have family commitments, it makes juggling your time even more difficult. One of the worries about attending "live" classes is not keeping up with the pace, especially if you are not from an IT background. Another stumbling block is finding high-quality classes conducted in your area. You may have to spend time traveling to attend these classes.
  • You can learn from books or manuals. There has been a great deal written about penetration testing. However, this field is constantly evolving and the long publishing cycles can't keep up with the pace of new knowledge. While there are many "underground" hacking techniques, they are not well-documented. And there is no prescribed "reading list" for a penetration tester, because this field draws from many disciplines (even psychology).
  • You can get yourself "certified" by paying a fee & taking a test. As mentioned, certification does NOT equal real-world competence. Most of the "certifications" offered merely require you to sit through a multiple-choice exam. This is like assessing a fighter pilot based on his performance on a written test!


The best possible option is to take advantage of the comprehensive course, real-world labs and eCPPT certification from eLearnSecurity. Get started today.

Discover what you can learn in a self-paced training course on penetration testing:


The Professional Course from eLearnSecurity includes all this and more:



  • 4500+ interactive slides
  • 13 hours of video training
  • Network security
  • System security
  • Web application security
  • Wi-Fi security
  • Ruby and Metasploit development
  • Hera Lab included
  • Dedicated forums
  • Qualifies you for 40 CPE credits
  • eCPPT Certification
  • Lifetime access to material





Incredibly In Depth, And Practical


The Professional Course is divided into three sections, comprising Flash slides, video material and practical exercises. This ensures that you have a sound understanding of each technique before we show you how to use the tools in the real world. The course is designed to make you a Professional, not just a technician.

The System Security Section is a highly technical and fascinating journey into the exploitation world authored by Vipin and Nitin Kumar, the two researchers who, while at Black Hat in 2007, demonstrated the first Windows Vista Bootkit (and later on Windows 7).

This section covers everything a penetration tester must know in terms of system exploitation, from an introduction to the x86 architecture, through shellcoding techniques for different platforms.

You will understand the basics of cryptography and how these affect password cracking techniques used by modern hackers.

If you are interested in Malware we've got you covered, including real world examples and an exclusive guide on how to code your own rootkits.


The Network Security Section is authored by our senior instructor Brett Arion, who has over 15 years of experience as an IT Security professional.
This section will introduce you to a systematic and modern Information Gathering methodology leveraging the power of OSINT and major investigation tools such as Maltego. It will then introduce the student to the features and weaknesses of network protocols that allow for traffic sniffing, enumeration and scanning.

The Nessus vulnerability scanner is covered in depth through different videos and in practice within our Hera Lab.
An in-depth module on Exploitation will take you through the major and most modern client-side and remote exploitation techniques using Metasploit.
The Post Exploitation module will introduce you to a proven methodology used by experienced penetration testers to infiltrate, gather credentials and persist within a corporate network.
An entire module is dedicated to Social Engineering, exposing tricky techniques and teaching you how to use the Social Engineering Toolkit.





The Web Application Security Section, authored by our founder and lead instructor Armando Romeo, is an extremely in-depth section covering all the most important attack techniques used against web applications and the OWASP TOP 10.

A great deal of coverage is given to the analysis of web applications - you will learn how to collect and methodically store engagement information, as well as fingerprint the infrastructure and application.

You will also learn how to master tools like Burp Suite and other OWASP recommended tools to inspect the target web application.

You will be exposed to the best manual and automated techniques professional penetration testers use to assess vulnerabilities in web applications.

Continuing your education, you will then learn and practice many more advanced exploitation techniques, including XSS, SQLI, LFI/RFI and more.

Finally, you will study advanced payloads that will bring you from simple XSS or SQLi to root access on the remote host.

This section is best enjoyed with an account to Coliseum Labs.






The Ruby for Pentesters and Metasploit section covers Ruby programming techniques starting from the Ruby fundamentals up to advanced and penetration testing oriented topics.

At the very beginning you will learn how to install and configure your own environment to work with Ruby, and then we will cover basic concepts such as how to create scripts, run them, install gems and use interactive shells.
You will then start writing simple Ruby programs to get familiar with data types, methods, variables, scope, classes, modules and much more.

Once the student masters the most important concepts and structures of Ruby, the course will focus on penetration-testing topics: work with nmap output files, interact with Operating Systems, use the network, create raw sockets and much more. With the help of many useful scripts, you will learn how to interact with web applications: get resources, send data, create simple crawlers as well as find and exploit web application vulnerabilities.
In the last two modules of the 'Ruby for Pentesters and Metasploit' section, you will use Ruby in order to find and exploit buffer overflow vulnerabilities. Then, after a brief overview of the Metasploit framework, you will learn how to create and run Metasploit modules against custom vulnerable applications.



The Wi-Fi Security Section is an extremely in-depth section covering all the most important attack techniques used against Wi-Fi networks. You will learn which security mechanisms are implemented in Wi-Fi architectures, in addition to their weaknesses and how to exploit them.
In the first modules of this section you will see which hardware/software configuration is required, as well as how to properly configure your test environment to obtain the best outcome from the subsequent modules.
After a brief introduction to the basic concepts of Wi-Fi infrastructures, you will study which types of Wi-Fi configurations exist, how they work and which security features and mechanisms are implemented.

Once you have all the necessary knowledge of Wi-Fi infrastructures and protocols, you will see how to discover/identify networks, intercept/sniff the traffic and finally how to run different attacks against different Wi-Fi configurations (such as WEP, WPA, WPA2, WPS).
In the last module of the 'Wi-Fi Security section', you will see how to use Wi-Fi as an attack vector: use your Wi-Fi card for wardriving purposes, create rogue APs, run MitM attacks and much more.






Get A Free Module And Experience This Course Directly



Armando Romeo is the founder of eLearnSecurity and author of the Web Application Security section included in the Penetration testing course - Professional.

Prior to founding eLearnSecurity, Armando founded the Hackers Center Security research group, with which he has published over one hundred security advisories on open-source and commercial web applications. During his career, Armando has conducted a number of web application and network security assessments. He has served as Consultant and Head of Italian business for Security Brigade, a leading Penetration testing services company based out of Mumbai, India.
He holds a Master's Degree in Computer Engineering from the University of Pisa.


Brett Arion, CISSP, is a co-founder of eLearnSecurity. He has two decades of experience in the IT industry, with over half dealing with IT Security, including serving as Director, ICT Security Information Manager for BlueCross BlueShield of South Carolina.

He has extensive experience in the areas of IT Operational Security processes, procedures, and methodologies. Brett has also been involved with a number of key regulatory requirements such as Payment Card Industry (PCI), Federal Information Systems Management Act (FISMA), and DoD Information Assurance Certification and Accreditation Process (DIACAP).
Brett is the author of the Network Security section of the Penetration testing course - Professional.


Nitin and Vipin Kumar are two of the brightest talents in IT Security research. As independent researchers they are deeply involved in the System Security field. They apply their extensive hands on experience to creating practical coursework and virtual labs. Nitin and Vipin are co-authors of the Windows Vista Bootkit - Attacking Vista from Boot Sectors (Black Hat 2007) and Windows 7 Bootkit (Hack in the Box 2009).

Nitin and Vipin have authored the System Security section of Penetration Testing Course - Professional


Francesco Stillavato is Senior IT Security researcher and instructor at eLearnSecurity with 6 years of experience in different aspects of Information Security. His experience spans from web application secure coding to secure network design.
He has contributed to the Joomla project as a Developer and has conducted a number of assessments as a freelancer. Francesco Stillavato's research is now focused on Mobile Application Penetration Testing on Android and iOS.

Francesco is the Manager of the eLearnSecurity Hera Lab project, devising new educational scenarios every month and coordinating the efforts of the different external instructors contributing to the project.
Publications: Francesco is the co-author of the Penetration testing course Professional, Mobile Application Security and Penetration Testing, Penetration Testing Student and author of all Hera Lab scenarios. Education: Francesco Stillavato holds a Master's Degree in Information Security from Università di Pisa.


Stefano Angaran is Senior Developer and IT Security researcher at eLearnSecurity. He has over 7 years of experience in Web development with a strong focus on writing secure code. As an independent security researcher he has published several advisories unveiling vulnerabilities in popular open-source software. In his Master's thesis, Stefano developed a fraud detection system based on machine learning for applications in online banking security.

Stefano is Author of the WiFi Security section of the Penetration testing course - Professional. Education: Stefano holds a Master's Degree in Computer Engineering from University of Padua.


Andrea Tarquini is an IT Security researcher and software analyst/developer at eLearnSecurity. Andrea is a cryptography protocol enthusiast and his research led to the development of JustCryptIt (he is the main developer). JustCryptIt is the fastest way for you to send confidential documents to friends and colleagues. He is also the author of the 'Ruby for Penetration testing and Metasploit' section of Penetration Testing Course Professional.

Education: Andrea holds a bachelor's degree in Computer Science and an Italian Master (Post Laurea Course) in Internet Technology. He is currently enrolled in a Master's Degree in Computer Science (Università di Pisa).



Become eCPPT with eLearnSecurity's Professional Penetration Testing Course


Why should I get certified?

The eCPPT designation stands for "eLearnSecurity Certified Professional Penetration Tester". eCPPT is a highly respected Ethical Hacking and Penetration Testing Professional certification.

Professional penetration testers are a critical component of any company's IT security plan. By auditing systems and helping their company find and fix weaknesses before hackers find them, professional penetration testers help safeguard billions of dollars worth of sensitive systems and data every day.


With eLearnSecurity you can be...Certified AND Proficient in The Real World!



When you enroll in our Professional course you...
  • Get eCPPT Exam voucher included!
  • Redeem it within 180 days
  • Have up to 14 days to provide deliverables


In the last 5 years, the penetration tester's role has evolved to provide a broader spectrum of services than ever before:

  • Advanced Web applications testing
    Every device nowadays has a web application front-end
  • Increased Reporting quality
    Penetration testing is not just breaking things anymore

But above all...
  • Business-aware remediation plans
    Penetration testers must understand their client's business more than ever


For the IT security professional seeking to keep his or her skills sharp, current and up-to-date with this perpetually evolving arena, eLearnSecurity's eCPPT certification delivers the best value in theory, methodology and practice.


A Professional Penetration Course Engineered to Keep Your Skills Relevant and Your Company Safe


eLearnSecurity's eCPPT certification is the most practical AND professionally oriented certification you can obtain in penetration testing. Here are some of the ways eLearnSecurity Certified Professional Penetration Tester (Gold) certification is different from conventional certification:

  • Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a hypothetical e-commerce company. This penetration test is modeled after a real-world scenario and is very challenging.
    Beware: this is not a catch the flag scenario! As in a real penetration test, eLearnSecurity requires that you find and exploit all of the vulnerabilities.
  • Not only do you have to try different methodologies to conduct a thorough penetration test, you will also be asked to write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.
  • Only individuals who provide proof of their findings in addition to writing a commercial-grade penetration testing report that correctly identifies the weaknesses and best remediations in this "engagement", are awarded the eCPPT Certification.


With eLearnSecurity's penetration testing course, you will be able to study theory and methodology and practice your acquired skills through exercises and labs. You'll gain more than a certificate: you'll gain current skills that align with the changing demands of your industry.


eLearnSecurity's eCPPT is the only certification for Penetration testers that evaluates your abilities at attacking your target and providing thorough professional documentation and recommendation.


  • Complete support offered in all labs and exercises
  • Practice in our virtual lab and learn how to produce a commercial-grade penetration testing report
  • Your work personally evaluated by instructors - no automated evaluation


The Penetration testing course is an investment in your own career and your company. Give yourself a competitive advantage and an edge on hackers!







The Professional Penetration Testing Course v3 is a practice-based curriculum that comes with two different virtual labs: Hera Lab, included with any Professional v3 plan, and Coliseum Lab for Web Application Security, which is optional.


When you enroll in Professional v3 course, you can choose how much Hera lab time you need: 30/60/90 days with our Flat model or even 30/60 hours with the On-Demand model.
The On-Demand model lets you use the lab at any time, enjoying new labs when they are available. This is revolutionary.


When you enroll in Penetration Testing Professional v3 you get a special version of Hera Lab with ALL future labs released on the platform accessible free of charge. This is a list of currently available labs:


This is a list of Labs available in Hera as of April 14th, 2014. As new labs are added, you will find them here.

Each Lab comes with an extremely detailed Manual including step-by-step solutions.
Check out a sample Lab Guide (without solutions).

Lab 1 (System Security)
This is a box that students can access through RDP to find a full-fledged environment with all the software and code samples included in the Exploit development modules of the System Security section of the Professional training course.
Students will:
  • Use Dev C++, NASMX and Immunity Debugger to produce, compile and analyze code
  • Analyze C++ applications vulnerable to buffer overflows
  • Fuzz and exploit real-world applications
  • Write, encode and customize shellcodes

Lab 2 (Network Security)
The student is given an entire /23 netblock as scope of engagement. This is a remote network protected by firewalls and no information is given about its hosts.
As a penetration tester during the Information gathering phase, the student will have to apply all the appropriate techniques to:
  • Determine hosts that are alive using nmap
  • Enumerate DNS's, hostnames and domain names
  • Perform advanced DNS queries and transfers of zones
  • Detect firewalls
  • Map the remote network

Lab 3 (Network Security)
The student has to first perform host discovery against the remote network and then:
  • Use nmap to perform advanced TCP/UDP port scanning and determine open, closed and filtered ports
  • Determine the OS running on each host
  • Detect services running on each port
  • Perform 100% stealth port scans through Idle Scan
  • Use tools like Hping to craft packets, analyze responses and find zombies for Idle Scan
  • Determine the role of each machine in the remote network

Lab 4 (Network Security)
Assessing vulnerabilities and exploiting them is the subject of this lab.
The student has to:
  • Master the use of Nessus to perform thorough vulnerability scans
  • Determine an attack plan for the entire network
  • Exploit each machine with the most appropriate technique
  • Use Metasploit to gain access to the remote machines
  • Gain password hashes for all the users of the remote machine
  • Use advanced techniques such as Pass-the-hash to exploit the entire network

Lab 5 (Network Security)
The student is exposed to a complex remote network with workstations accessible from the internet and a corporate intranet, made of multiple subnets, that the target organization wants to protect.
The student is asked to prove that data can be extracted from the Database Server residing within a DMZ of the organization.
The student will:
  • Perform privilege escalation against different targets
  • Use different techniques to maintain access to exploited machines
  • Harvest data, credentials and documents from the organization's intranet
  • Map the internal network from remote
  • Determine the role of each internal machine
  • Perform a thorough investigation to work out a plan to penetrate the DMZ
  • Exploit weak authentication in protocols and services used in the intranet
  • Infiltrate internal subnets through pivoting using Metasploit

Lab 6 (Network Security)
Challenge your acquired skills against a real-world corporation.
Infiltrate the corporate network knowing nothing about it. Apply client-side exploitation and web application attacks to obtain root access to one of the corporate networks.
The student will:
  • Perform a blind penetration test
  • Apply sophisticated client-side exploitation against corporate workstations
  • Apply advanced web application attacks
  • Map the internal network from remote
  • Escalate privileges
  • Maintain access on the remote corporate network

Lab 7 (Network Security)
Mastering Nessus is the objective of this lab. The student will become familiar with Nessus, and know exactly how to exploit its full potential.
The student will:
  • Perform a thorough vulnerability assessment of a network
  • Decide which plugins apply in different scenarios
  • Optimize scans through different configurations
  • Perform authenticated scans throughout the network for maximum results
  • Integrate Nessus and Metasploit
  • Perform automatic exploitation through Metasploit from Nessus results

Lab 8 (Network Security)
The purpose of this lab is to teach how to sniff, steal and crack credentials as well as how to obtain a shell on remote hosts. As a penetration tester, the student has to first discover all alive hosts and then, through ARP poisoning, sniff all the communication within the network. Using Cain & Abel, the student will sniff and crack RDP, VNC and FTP credentials.
  • Perform ARP poisoning attacks
  • Steal credentials for different protocols
  • Crack passwords
  • Obtain a shell on different hosts
  • Bypass OS, firewall and application security controls

Lab 9 (Network Security)
Access confidential documents in restricted shares within the organization network. You will exploit NetBIOS shares and null sessions.
The student will learn how to:
  • Test NetBIOS/SMB shares
  • Exploit weak passwords
  • Exploit null sessions
  • Find confidential documents
  • Gain access to corporate machines

Lab 10 (Network Security)
The student has to perform a penetration test from within the corporate network. He has to attack a real router, sniff all the data from within the organization, analyze the traffic and steal credentials.
The student will:
  • Attack the router through ARP poisoning
  • Sniff the switched network
  • Extract files and data from the network
  • Steal credentials
  • Map and explore network resources
  • Identify and access sensitive data

Lab 11 (Network Security)
Access the corporate network using social engineering techniques and client-side exploitation. The student will exploit a corporate workstation using CVE-2012-4681 (java_jre17) and then gather information in order to find and exploit Linux servers within the DMZ.
The student will learn how to:
  • Perform client-side exploitation against corporate workstations
  • Steal e-mail credentials
  • Map the organization's internal network
  • Pivot to other networks
  • Fingerprint servers through pivoting

Lab 12 (Network Security)
The student is connected directly to the LAN of the organization and has to perform an internal penetration test. The network administrator stated that he has implemented a very strong password policy that is impossible to penetrate.
You have to perform:
  • Host discovery and network mapping
  • DNS resolution using a shell script
  • Exploitation of patched and non-patched machines using an SMB Relay Attack
  • Manipulation of network traffic with DNSspoof

Lab 13
The student is going to do an internal penetration test and is connected directly to the target organization's LAN. The student knows that a software firewall is installed on each machine and that just a few ports are open.
You have to:
  • Scan the network and find vulnerable services
  • Discover a valid username and password
  • Obtain information with tools such as nmap, netdiscovery, snmpenum, hydra and metasploit
  • Get a shell on one of the remote machines

Lab 14
The purpose of this lab is to practice different privilege escalation techniques against a Windows 7 machine. The student can use different Metasploit modules, as well as manually create and upload a working exploit.
The student will learn how to:
  • Use privilege escalation modules implemented in Metasploit
  • Create and use a privilege escalation exploit and manually gain SYSTEM privileges
  • Gather clear-text passwords and accounts stored on the machine using tools such as mimikatz and incognito

Lab 15
The purpose of this lab is to practice different privilege escalation techniques against a Windows 7 machine. The student has to find service misconfigurations that may allow privilege escalation on the remote machine.
The student will learn how to:
  • Identify service configurations
  • Exploit a vulnerable service implementation in order to escalate privileges to SYSTEM
  • Create and inject a payload into existing binaries

Lab 16
Create your own exploit using several encoding tools and techniques and then test whether different antivirus programs identify your payload as a malicious threat.
You have to:
  • Create an exploit with msfpayload
  • Use msfencode to encode your exploit
  • Use veil to create and encode your exploit

Lab 17
In this lab you can practice with all the Ruby scripts explained in the training course Penetration Testing Professional.
You have to:
  • Extract information from nmap outputs
  • Create a Ruby TCP/UDP scanner
  • Create raw sockets
  • Forge packets

Lab 18
Challenge your Ruby programming skills against a real vulnerable service. The student has to detect a buffer overflow vulnerability affecting a remote service and write a working exploit with Ruby. Once the exploit is ready, the student will have to convert it into a working Metasploit module.
The student will learn how to:
  • Find vulnerabilities on a remote service
  • Create a Ruby exploit
  • Create a custom Metasploit module


Coliseum Lab

If you want to get deeper into practical Web application exploitation you can add 30 or more days of access to our unique and innovative Coliseum Lab WAS360.

Coliseum is a virtual lab running on our servers that will allow you to practice all the techniques that you will learn during the Web Application Security Section of our Professional v3 course, in a user-isolated, sandboxed environment running against 14 different real-world scenarios. Coliseum Labs also helps the student acquire real-world skills readily usable in a current or future engagement.




How can I add Coliseum Lab WAS360 to the package?


You can click on Enroll and opt for one of the bundle packages that includes eLearnSecurity's Coliseum Lab WAS360.



Penetration testing course - Professional is a highly technical and in depth course.

Everyone with a solid background in Computing and Networking can enroll in this course.

If you are completely new to IT Security and Penetration testing we advise you to check out our course for beginners:

Penetration testing course - Student

If you are into IT Security and want to advance your career as Penetration tester you should have all the necessary
background to enroll in our course.

If you are unsure, please check the following guidelines.



Hardware required
For the Wi-Fi security section, we strongly recommend a wireless interface capable of injecting packets. During the course we will use one of the most widely used wireless adapters: the Alfa AWUS036h. A wireless access point (with WEP, WPA, WPA2 and WPS protections) is also required in order to configure Wi-Fi networks.



Minimum skills required
Before you enroll in the course you should have a grasp of how TCP/IP works.
If you are able to describe how two computers on the internet communicate with each other on a packet by packet basis, you are good to go.

You should have an understanding of programming languages such as C/C++ and PHP. This doesn't mean you have to be able to produce your own code: you should at least be able to understand the snippets of code that we will provide you during the training course.

Only three modules out of 19 total modules deal with C++/ASM.

Moreover, we do not request that you know Linux shell scripting.

Recommended skills
A good understanding of network protocols such as ARP, DHCP, routing protocols and network devices like routers and switches.

Knowing even a little C/C++, x86 and Assembler is recommended if you want to get the most out of our three most advanced modules: exploit development, shellcoding and rootkit coding. This means that you are able to write even small programs on your own.

A basic understanding of the HTTP protocol, Cookies, Sessions and PHP is advised although not mandatory (basics are covered in the course).


I don't reach the Recommended skills required. What should I do?


If you don't meet the Minimum required skills you are entitled to enroll in our course at your own risk.
We will do our best to help you fill the skills gap pointing you towards the right direction.
Moreover our course comes with life-time access to course material so you can always refer to external books or references,
when you encounter difficulties during the course.


If you don't meet the Recommended required skills you should not worry.
You can still enroll in our course and eventually use the help of our private forum to clear your doubts.
Our instructors will be there to help you with any kind of question related to the course and even the background skills that you would require.


Need help determining your level?


Please contact us through live chat or our contact web form. One of our consultants will be available to help.





Read what our clients, Industry experts and Leading Information Security websites say about us...



I think if you are looking for Penetration Testing Training this is a great choice, even if you have no desire to take the certification you can learn a lot just by studying the modules and applying yourself.
If you are just starting out (still studying or a fresh grad) I think the course and the certification will definitely have a positive effect on your career... and certainly makes economic sense when comparing to attending real life 5-day courses. It goes into a lot more depth than other courses and can really benefit your skills. I wish there was something like this in 1999 when I was starting out. The way in which the material is presented is a lot more interactive and interesting than many other courses out there with a good mix of words, images and videos plus a good theory/practical mix too. This makes it a lot easier as many of the topics within info sec can get very dry very fast.

Shaolin Tiger, Founder of

eCPPT curriculum is definitely a valuable security training which permits both professionals and beginners to significantly improve or update their skills in a minimal amount of time.

Frédéric Bourla, Head of Ethical Hacking Department at High-Tech Bridge SA

I could not be what I am today if I did not know Mr Armando Romeo. Last 2 years I was a beginner, and I took eCPPT. This course opened up my horizon in penetration testing. Since then, my life has changed. I wish to express my gratitude to eLearnSecurity's staff and especially to Mr Romeo for his help. You pave the way for me to enter the real security world.

Pornsook Kornkitichai, Security Engineer at Kasikorn Bank

I took the eCPPT course due to the lack of actual certifications that prove you have the skills required to attack and actually penetrate targets. Most certifications simply prove that you can take an exam and learn theory, but I was very pleased with the requirements to pass this course as it shows you have the practical skills as well.

Simon Earl, Director at IT Security Experts Ltd

This is what the CEH/LPT* should have been, and I am delighted to say that if students can master the topics and techniques in eLearnSecurity's Penetration Testing Pro, they should be well on their way to being an accomplished pentester.

Jason Haddix, Penetration tester at HP and founder of

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools. Covered in the course are much deeper understandings of topics such as buffer overflows (which, while I already understood the concepts, Armando and his team went out of their way to come up with the best high-level to low-level explanations I've read on the topic, for newcomers and seasoned professionals alike), Network Security, and Web Application Security. The coverage of these topics, and the amount of time they allow the student to access them, really helps to enforce good learning, with extended opportunity and study time, for an exceptional value. For anyone who is budget constrained, I'd say, with total confidence, that the value of eLearnSecurity's training meets and / or exceeds the value of many other programs available, and if one truly desires to learn the technical aspects of IT Security, it's a certification course well-worth the time and investment.

Timothy E. Everson MCNE CDE CLE CCNA CEH, Novell Inc.

The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen, Armando.

Denis Hancock, Manager Samurai at Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

The learning experience was amazing! I have learned so much in such a short time. Would recommend to anyone (even the more experienced of us) to take that course. You wouldn't believe how much you can still learn!

Oded Brilon, StrikeForce Engineer at CSC Australia

Unbiased third party reviews that you can find online:



*Comparison with v6 of CEH curriculum




If you have questions that you don't find answered here please contact us.


What software/hardware requirements are there?

You need to have a web browser with Flash plugin enabled.

In order to study the course you won't be forced to use any particular OS. However, you will be provided with a copy of Backtrack or you can use your own. If you run Backtrack as a virtual machine, you should have at least 2GB of RAM; 4GB is better.

An internet connection speed of at least 128Kbit/s. 256Kbit/s or higher is recommended.



How do you provide support?

As soon as you enroll in one of our courses you are provided with access to a private forum where you will find instructors and community managers available to help you 24/7. Response time is usually a matter of hours (sometimes minutes).

Support for billing, technical and exam-related questions is also provided through email, ticketing service and live chat.



How can I pay?

We accept all major credit cards, PayPal, wire transfer, 2Checkout, MoneyBookers and purchase order.

MoneyGram or Western Union are NOT accepted.



Can I request a refund if contents are too difficult for me?

We only process refunds/chargebacks for fraudulent transactions.



Are there any hidden fees?

There are no hidden fees. If you are from a country where VAT is required, you have to add VAT to our ticket price. We are legally obligated to collect VAT on your behalf.

There is no software to buy or renewal fees to pay and you get lifetime access to acquired course materials.



What happens when there's a new update to the contents?

You have lifetime access to course material and we will include minor updates to the contents free of charge. Minor updates include: an addition of a new module, a new video, bug fixes, improvements to labs, addition of a small number of new labs.

A major upgrade occurs when there is more than one new module added or the contents added are a significant portion of the material you acquired.

When we issue a new major upgrade you can upgrade to the new version with a minor upgrade fee, or keep your current version. The upgrade fee will be established proportionally to the amount of new content added and according to the time elapsed between your enrollment and the release of the new content. Note: if you enroll today and we issue a new major release you will get the new release for free.

There is no published update schedule and we reserve the right to issue minor or major updates when we see the need.



What is the difference between subscription and full plans?

The only substantial difference between the two plans is that the subscription plan lets you spread your payment over time, while nothing changes in terms of the content you receive.



If I choose to pay through the subscription plan, can I still get certified?

Yes, you will be given an eCPPT voucher as soon as you get the entire material (on the 60th day from enrollment).

Your exam deadline will be counted starting from the day you are assigned the eCPPT voucher.



Can I cancel my subscription?

You can cancel your subscription at any time.
As soon as you enroll you will receive 2 logins: one to access our course material and another to access your billing panel on our payment gateway Plimus. By using the Plimus login here you can manage your subscriptions.

Our subscription is meant to facilitate the payment for the course, not for you to receive sections of our course separately.
Once the subscription is completed, your access to the course material is unlimited.



If I choose to pay through the subscription plan, how much do I pay and when?

Under the Subscription plan, you will be billed $349 immediately after enrolling in the course; $200 after 30 days; and the final $200 after 60 days.

Every payment entitles you to receive a new section of our course. After the three billing cycles you will have full lifetime access to all our course material and the eCPPT voucher.

