Licensed Penetration Tester (Master)

EC-Council brings to you a new range of real world challenges that will not only test your Pen-testing skills but guarantees you an experience that is not built for the weak hearted. If you have been looking for a way to test your Pen-testing abilities, this is your chance to prove you have what it takes.

LPT (Master) certified professional can:

  • Demonstrate a repeatable and measurable approach to penetration testing
  • Perform advanced techniques and attacks to identify SQL injection, Cross site scripting (XSS), LFI, RFI vulnerabilities in web applications
  • Submit a professional and industry accepted report that achieves management and technical buy-in
  • Get access to proprietary EC-Council penetration testing methodologies
  • Write exploit codes to gain access to a vulnerable system or application
  • Exploit vulnerabilities in Operating systems such as Windows, Linux
  • Perform privilege escalation to gain root access to a system
  • Demonstrate ‘Out-of-the-box’ and ‘lateral’ thinking
  • Ensure the integrity and value of the penetration testing certification, in a fully online, remotely proctored certification exam

LPT (Master)

Being an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The exam demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques. Outsmarting and out maneuvering the adversary is what sets you apart from the crowd. This completely hands-on exam offers a challenge like no other by simulating a complex network of a multi-national organization in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.

About the ProgramKey ElementsRemote ProctoringWho is it for?Application processRenewal Cycle, Certification Fees & ECE SchemeHow is the exam conducted?LPT (Master) Credential

About the Program

The LPT (Master) is the world’s first fully online, remotely proctored LPT (Master) practical exam, which challenges the candidates through a grueling 18 hours of performance based, hands-on exam categorized into three practical exams for six-hour duration each, which will test your perseverance and focus by forcing you to outdo yourself with each new challenge. The exam requires the candidates to demonstrate a methodical approach to test and validate security defenses. The LPT (Master) exam is developed with close collaboration with SMEs and practitioners around the world after a thorough job role, job task, and skills-gap analysis.

Key Elements

Real world, performance based assessment:
The successful candidates need to demonstrate a mastery of the skills required to conduct a full black box penetration test that simulates a complex network of a multi-national organization in real time. The exam environment via EC-Council’s cloud based cyber range, iLabs, has multiple networks with different militarized and de-militarized zones. You will follow the entire process of “Cyber kill chain”, taking you from reconnaissance, scanning, enumeration, gaining access, maintaining access, then exploiting vulnerabilities that you will have to seek out in a network that only a true penetration tester will be able to break.

Methodical Approach:
To build on the technical skills taught in the Certified Ethical Hacking course, the repeatable and documentable methodology provided in the EC Council security analyst program , the EC-Council LPT (Master) course emphasizes application of this methodical approach to penetration testing. The LPT (Master) practical exam thoroughly tests the application of the penetration testing process and lifecycle knowledge and the skills required in an examination that even our reviewers have called “extremely challenging”.

Penetration test report:
Many have described report writing as one of least preferred, yet arguably one of the most critical parts of any penetration testing engagement. While so many cyber security courses are offered globally to cover various subjects in the penetration testing realm, hardly any are dedicated to this very important skill, especially almost since half of all time spent at any penetration testing engagement can revolve around writing and reporting the core findings of the engagement to the client.

The key skill also lies in communicating a highly technical finding in an elaborate penetration test engagement to someone to the senior management and the board of directors can be very challenging and frustrating at times. Mastery of communication, research and report writing is required to make sense of technically complex topics like specific vulnerabilities and their resulting exploits in a meaningful manner to make educated decisions to improve the security posture of the organization. The candidates are required to submit a comprehensive report of their findings, methodology used, corroborative screenshots, scripts, custom exploits, or any other method they have used to penetrate the network within 45 days after completing the three challenges. The submitted report should be very clear, so that we should be able to compromise the target again by following the report.

Remote Proctoring

EC-Council launches the first ever remotely proctored online Pen-Testing Exam as a mechanism to ensure the authenticity of the test taker. This not only adds credibility to the overall title but also eliminates external influences that can change the exam outcome. While this test does not limit the test taker to explore his research skills and take advantage of documented resources available, it keeps a check on the individual capability of dealing with the challenges by himself.

Who is it for?

  • To be eligible to apply to sit for the LPT (Master) Exam, candidate must either. Be an ECSA member in good standing (Your USD100 application fee will be waived);
  • or Have a minimum of 2 years working experience in pentesting (You will need to pay USD100 as a non-refundable application fee);
  • or Have any other approved industry certifications such as OSCP or GPEN cert (You will need to pay USD100 as a non-refundable application fee)

Application process

Applicants must apply directly to EC-Council via the online web form and provide the following:

  • A copy of police verification from applicant’s local law enforcement agency or EC-Council Declaration of No Criminal Conviction Form; EC-Council Code of Conduct (COC) Form
  • Updated Resume documenting penetration testing experience or skill
  • Approved applicants must purchase the Licensed Penetration Tester (Master) Exam Kit via EC-Council online store within 3 months of receiving the approval email (the approval will expire post the 3 months and applicants will have to reapply and remit the USD100 non-refundable application fee again). The LPT (Master) exam kit consists of:
    • Aspen LPT (Master) Dashboard Access Code (applicants have a 45 day window to submit their reports from activation date/code is valid for 3 months from the date)
    • A 2 year LPT (Master) License is included in the LPT (Master) Exam Kit valid for 2 year license / subject to ECE and renewal requirements)

Renewal Cycle, Certification Fees & ECE Scheme

The certification is valid for 2 years from the date of approval and members must then renew annually.

For renewals, members will need to remit USD250 per annum which can be done at our online store.

LPT (master) certification falls under the ECE Policy. Members must ensure that they meet the ECE requirement.

Should you have any queries, please do not hesitate to write in to

How is the exam conducted?

  1. Upon the completion of the web form, you will receive further instructions requiring you to submit a list of documents within the next 2 working days.
  2. If your documentation submission is complete AND your application is approved, further instructions will be emailed to you on the purchase the LPT (Master) Exam Kit for USD 899. The LPT (Master) exam kit consists of:
    • Aspen LPT (Master) Dashboard Access Code (applicants have a
      45 day
      window to submit their reports from activation date/code is valid for 3 months from the date)
    • A 2 year LPT (Master) License is included in the LPT (Master) Exam Kit valid for 2 year license / subject to ECE and renewal requirements)
  3. You will have 3 months from the date your application is approved to purchase your LPT(Master) exam kit, Should you fail to complete this purchase within this period, you will be required to resubmit your application along with a payment of USD 100.
  4. You will earn the LPT (Master) certification only if you have successfully met the requirements as listed below:
    • Completed all 3 levels of the exam
    • Completed at least 1 challenge successfully from each of the 3 levels
    • Have a minimum score of 5 out of the total 9 challenges
    • EC-Council has accepted the final report submitted
  5. Retake policy is applicable as below:
    • Retake exam vouchers can be only purchased should a student fail by writing to
    • Each level of challenge can be attempted only 2 times
    • Retake exam voucher will be priced at $399
    • Retake voucher release will be released in 2 working days
      upon receipt of payment
    • Retake orders will be handled by
      , the retake exam voucher will be sent to the registered email ID only.
    • Report submission can be extended for 7 days only by paying $100 as long as the dashboard is active
      (within 45 days window). Should the dashboard expire the candidate will need to purchase a new kit.
    • There is no limit on the number of times the candidate purchases the entire new kit.

Please write to if you require more information.

LPT (Master) Credential

  • Successful candidates will receive the LPT (Master) Welcome Kit consisting of:
    • Membership card
    • Printed Certificate
    • LPT (Master) Plaque
    • Welcome Letter
    • Lapel Pin
    • EC-Council LPT (Master) T-shirt
  • The LPT(Master) license is valid for 2 years. After the initial 2 years, members will have to renew their LPT (Master) license by remitting the annual USD250 renewal fee.
  • Members are required to fulfil their ECE requirements to remain in good standing.



Member Name Country Designation Company/Organization
Adarsh Nair India Senior Security Analyst DUST Global
Adithya Naresh India Cyber Security Consultant SAP Labs India
Arthur Donkers Netherlands Security Officer SSO Noord
Belly Rachdianto Indonesia Senior IT Security Consultant and Trainer APAC System Integration
Cristian-George Mocanu Romania Senior Consultant Cyber Security and Penetration Testing Deloitte
Daniel Sewell USA Lead Cybersecurity Engineer Alpine Security, LLC
Derek Maxey USA Senior Staff Software Engineer Lockheed Martin
Fabrício Giglio Brazil Senior Information Security Engineer Tech Mahindra
Hans Minten Netherland Security Analyst wehkamp
Jean Saad Lebanon Cloud Security Specialist Cirrus
Mark Horvat Australia Director & Principal Security Consultant Black Swan Group
Himanshu Mehta India Team Lead Symantec
Mustafa Mohsen Egypt Security Solution Expert Orange Business Services
Nathan Jones UK Technical Director Arcadeus OPS
Sanehdeep Singh India Manager Controlcase
Sergey Klevogin Russia Lead Instructor Bauman University
Stephen Corbiaux Belgium Security Specialist Davinsi Labs



LPT (Master): Extremely Challenging and One of The Toughest Exams

by Mark Horvat

I am a Director and Principal Consultant at Black Swan Group. I specialize in risk assessments, white hat hacking, vulnerability assessments…

Proud to attain the LPT (Master) Credential

by Ali Isikli

As an industry veteran with over 21 years of experience in the defense industry, I challenge myself to constantly upgrade my skills…

Converting Fear into Confidence with LPT (Master)

by Adithya Naresh

I am a cybersecurity consultant with SAP Labs. My area of responsibility include software security, exploitation, reverse engineering, and web security…

LPT (Master) Rocks!

by Sergey Klevogin

I am the lead instructor in Computer Training Center “Specialist” in a Technical University in Russia, which enrolls around 85,000 students annually, making it the largest in Russia…

Real Life Penetration Testing with LPT (Master)

by Moustafa Mohamed Mohsen

As a Senior Security Engineer in Orange Business Services, I have six years of experience in the information security industry…

Clause: Age Requirements and Policies Concerning Minors

The age requirement for attending the training or attempting the exam is restricted to any candidate that is at least 18 years old.

If the candidate is under the age of 18, they are not eligible to attend the official training or eligible to attempt the certification exam unless they provide the accredited training center/EC-Council a written consent of their parent/legal guardian and a supporting letter from their institution of higher learning. Only applicants from nationally accredited institution of higher learning shall be considered.

Disclaimer: EC-Council reserves the right to impose additional restriction to comply with the policy. Failure to act in accordance with this clause shall render the authorized training center in violation of their agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.



1. Why should I be licensed?

Penetration testers today have been certified by different agencies. But are they trusted? Do they follow a code of ethics? The answer is no. The Licensed Penetration Tester (LPT) program offered by EC-Council gives certified penetration testers the opportunity to practice their skills so that they are able to function as a licensed penetration tester. EC-Council’s licensed penetration testers use hands-on penetration testing methodologies and are trained by experts and specialists who are licensed penetration testers from EC-Council.

2. I am already a Penetration Tester, why do I need to be a Licensed Penetration Tester?

Being a penetration tester would be of little help in this insecure world. Corporate organizations today are looking for penetration testers who can analyze vulnerabilities of the network and who can be trusted not to disclose network vulnerabilities to competitors. Thereby, many companies would be looking for a Penetration Tester who is licensed to carry out these tasks and who has hands-on experience in penetration testing.

3. What is the difference between a Licensed Penetration Tester and a Certified Ethical Hacker?

A Certified Ethical Hacker would be an individual who is trained in mastering hacking technologies. A Licensed Penetration Tester is a professional who is equipped with a License to conduct penetration testing of corporate networks. Licensed Penetration Testers are preferred over non-licensed ones by companies for recruitments/assignments.

4. Why do I need to supply police verification?

Police verification is preferred, though not mandatory. However, one of the requirements of being able to avail a license in Penetration Testing is that the candidate should be able to supply a photocopy of his / her criminal background check that is available through any local law enforcement agency. The document should certify that the individual does not have any criminal record / background.

5. What benefits does the EC-Council’s License for Penetration Testing give?

With the Licensed Penetration Testing (LPT) program from EC-Council, companies are assured that Licensed Penetration Testers are being taught, tested and licensed by a globally recognized and professionally managed body like EC-Council. Thus, organizations can be completely assured and confident of the deliverables of the Licensed Penetration Tester certification authorized by EC-Council. This can be compared to availing a driving license from your license issuing authority.