Various trainings and courses can help beginners a lot in gaining common penetration testing skills and getting a good organic understanding of a penetration testing workflow. Of course, there are also some specialized advanced courses for experienced professionals who want to go deeper into particular dedicated topics.
Such training programs offer their attendees final exams and certifications, which can prove that they have learned courseware and are able to successfully use their acquired skills.
Moreover, some companies that order penetration tests require a penetration tester to have some proofs of his qualification including related certificates. Taking all that information into consideration, you probably should think about getting appropriate training if you are going to work as an ethical hacker seriously. So, let's provide some options and review several applicable certification programs.
The following information is taken from the website http://www.eccouncil.org:
"The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various information security and e-business skills."
EC-Council offers a so-called security track that includes three well-known certification programs suitable for penetration testers:
- Certified Ethical Hacker (CEH) (https://www.eccouncil.org/Certification/certified-ethical-hacker) is one of the popular and well known certification programs. It consists of a 5-day training followed by an exam and a certification if an exam was passed successfully. The certificate has to be maintained with CPE (Continuing Professional Education) points that you gain during a year, for example, by attending other trainings and seminars, writing books, and teaching other people. You have to report CPE points to update your certification status regularly.
We would not call it a deep course for mature professional penetration testers, but it can be very useful for beginners because it gives a good overview of the typical attack types and techniques and the variety of tools to execute them.
- Certified Security Analyst (ECSA) is the next one, middle-level course in the security track. It also consists of a 5-day training and exam, but in this case the course describes more the security concepts and pays more attention to security assessment and reporting. The exam is available only after submitting a report of performing various penetration testing tasks in a lab environment.
- Licensed Penetration Tester (LPT) is the last and the highest level (master) of the penetration testing security track awarded by EC-Council based on the results of a real-world hacking of a network infrastructure in a given timeframe and proper reporting of the results.
In order to get any of EC-Council's certificates, you have to accept EC-Council's code of ethics where you basically agree to act as a white-hat hacker (ethical hacker) only and do not use your acquired skills with bad intentions.
Offensive Security (https://www.offensive-security.com) is not a training course or certificate, but a well-known company that presents us with such a wonderful security testing toolbox as Kali Linux (former Backtrack Linux). But apart from that, they also perform penetration testing and educate people on how to do it in the form of online and offline specialized training. Their certification portfolio consists of:
- OSCP (Offensive Security Certified Professional): The course is about general hacking techniques, penetration testing workflow, and reporting. In order to attend an exam, you have to finish the course PWK (Penetration Testing with Kali Linux) and submit a lab hacking report.
- OSCE (Offensive Security Certified Expert): The next level after OSCP training includes advanced techniques and tricks. The exam is available after finishing the course CTP (Cracking the Perimeter).
- OSWP (Offensive Security Wireless Professional): This is a practical wireless hacking certification. The prerequisite for the exam is a finished WiFu (Offensive Security Wireless Attacks) course.
- OSEE (Offensive Security Exploitation Expert): The certification name makes it pretty clear what is it about. The exam becomes available after finishing the course AWE (Advanced Windows Exploitation).
- OSWE (Offensive Security Web Expert): This is a web application penetration testing certification. As usual, you will have to finish a certain course (AWAE or Advanced Web Attacks and Exploitation) and submit a lab hacking report in order to attend the exam.
All Offensive Security trainings are practical and hands-on, and they are the most recommended by us among other certifications and courses.
There's another well-known certification authority definitely worth mentioning: Global Information Assurance Certification (GIAC). They have various information security certification programs, but the most relevant to us are as follows:
- GPEN (GIAC Penetration Tester)
- GWAPT (GIAC Web Application Penetration Tester)
- GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)
- GAWN (GIAC Assessing and Auditing Wireless Networks)
- GMOB (GIAC Mobile Device Security Analyst)
For more information on GIAC programs, you can visit their website and find all the necessary information (http://www.giac.org/certifications/categories).