Practical web application security certification covering SQL injection, XSS, SSRF, authentication bypass, and advanced web exploitation. Designed for bug bounty hunters and web security professionals.
Sign in to rate this certification and share your experience.
Sign in to RateAggregated from "bug bounty cert pathway" threads
Does not count toward average ratings or recommendation %.
May 10, 2026
HR Value
Worth Cost
Learning
Exam Difficulty
For bug bounty hunters / web app pentesters, CBBH + BSCP the modern budget-friendly stack. CWEE the natural HTB next step for advanced web exploitation.
Aggregated from CBBH completion-journey threads
Does not count toward average ratings or recommendation %.
May 10, 2026
HR Value
Worth Cost
Learning
Exam Difficulty
Self-paced path is extensive (~300 hours). Most complete in 4–6 months alongside other work. Report-writing component takes practice — practice during prep, not just labs.
Aggregated from "CBBH vs BSCP" threads
Does not count toward average ratings or recommendation %.
May 10, 2026
HR Value
Worth Cost
Learning
Exam Difficulty
Compared to BSCP: CBBH broader scope (more report-writing, longer exam, more diverse vulnerabilities). BSCP cheaper. Both gaining strong HR recognition in 2024-25.
Aggregated from r/bugbounty CBBH threads
Does not count toward average ratings or recommendation %.
May 10, 2026
HR Value
Worth Cost
Learning
Exam Difficulty
HackTheBox Academy's bug bounty cert. ~$8–$15/month subscription covers full prep path. Hands-on, end-to-end exam (7-day pentest + report). Web app pentest focused.
Official prep path. Subscription unlocks all required modules + exam voucher.
Free web security training — excellent supplementary prep for CBBH.
Real bug bounty reports — invaluable for understanding professional report-writing.
Some links may earn us a small commission. This doesn't affect our ratings or the prices you pay.
Remote Proctored
Test center only
Exam Languages
Study Time
~150 hours