No IT business can flourish without knowing its cyber strengths and weaknesses (gap analysis). A better cyber defense system can help organizations achieve their business goals. At the same time, a poor or improperly configured cyber defense system can lead to irreparable loss. Organizations seek the help of penetration testers to identify gaps between their deployed and desired cyber defense systems. The gaps are closed on the basis of the loopholes the penetration testers discover and the recommendations they make. However, only a skilled penetration tester can find the security gaps and suggest remediation. Finding a skilled penetration tester is also a challenge for organizations. A rusty penetration tester can damage the physical assets and data of the organization. There are a number of penetration testing certifications that organizations use as a reference to choose the right man (penetration tester) for the right job. Following is a brief overview of some of these recommended penetration testing certifications. The certifications indicate the level of a penetration tester, as some of them can only be achieved by highly professional cyber-security experts.
Licensed Penetration Tester (LPT) by EC-Council
LPT is the advanced penetration testing certification offered by EC-Council. It is one of the most difficult certifications to obtain because of the exhaustive exam set for interested penetration testers. LPT professionals are considered highly skillful in identifying network, application, and web-based vulnerabilities. LPT professionals are known for out-of-the-box demonstration of penetration testing skills like finding vulnerabilities in complex systems, takeovers, and writing professional exploit codes.
LPT Exam Overview: LPT is a fully online and remotely proctored exam. The exam is divided into three challenging categories designed in collaboration with practitioners and Small & Medium Size Enterprises (SMEs) from all over the world. The time to complete the tasks/challenges in each category is 6 hours. There are no prerequisites for taking the LPT exam. However, the exam is not recommended for novice penetration testers, since only masters of penetration testing can pass the exhaustive 18-hour exam. EC-Council also offers LPT training to those interested in taking the LPT exam. The course modules defined by EC-Council are as follows.
| Module 1 | Introduction (Vulnerability Assessment & Penetration Testing) |
| Module 2 | Information Gathering Methodology |
| Module 3 | Scanning and Enumeration |
| Module 4 | Identify Vulnerabilities |
| Module 6 | Post Exploitation |
| Module 7 | Advanced Tips and Techniques |
| Module 8 | Preparing a Report |
| Module 9 | Practice Ranges |
GIAC Penetration Tester (GPEN)
The Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) certification is offered by GIAC. The certification is aligned with SANS (a for-profit organization that specializes in information security) to ensure a high level of skills and expertise among GPEN certification holders. GPEN focuses on key areas of penetration testing and the legalities associated with penetration testing.
GPEN Exam Overview: No specific training or prior experience is required to take the GPEN exam. GPEN consists of one proctored exam containing 82-115 questions. The exam duration is three hours, with a minimum passing score of 74%. The official GIAC page suggests the following topics/areas to professionals interested in taking the GPEN exam.
· Advanced Password Attacks Methodologies
· Attacking Password Hashes
· Escalation and Exploitation Concepts
· Fundamentals of Exploitation
· Metasploit Framework Usage
· Moving Files with Exploits
· Password Attacks Types
· Password Formats and Hashes
· Reconnaissance Fundamentals
· Penetration Test Planning
· Scanning and Host Discovery
· Vulnerability Scanning Concepts
· Web Application Injection Attacks
· Web Application Reconnaissance
· XSS and CSRF Attacks
· Penetration Testing with PowerShell and the Windows Command Line
IACRB Certified Penetration Tester (CPT)
The Information Assurance Certification Review Board (IACRB) offers the CPT certification to those who want an endorsement of their penetration testing skills and knowledge. The variety of domains covered in the CPT exam ensures the versatility of CPT holders in the field of penetration testing.
CPT Exam Overview: The CPT exam comprises 50 Multiple Choice Questions (MCQs) from 9 different domains, with a minimum passing percentage of 70%. The exam duration is 2 hours. The domains covered in the CPT exam are as follows.
· Penetration Testing Methodologies
· Network Protocol Attacks
· Network Reconnaissance
· Vulnerability Identification
· Windows Exploits
· Unix/Linux Exploits
· Covert Channels & Rootkits
· Wireless Security Flaws
· Web Application Vulnerabilities
Certified Expert Penetration Tester (CEPT)
CEPT, offered by IACRB, is an expert-level penetration testing certification based on the job duties of highly professional penetration testers. The CEPT certification validates the individual’s knowledge and skills required for analyzing the security of networks, computers, applications, and software.
CEPT Exam Overview: The CEPT exam consists of MCQs as well as a practical demonstration of penetration testing skills. There are 50 MCQs in the first part of the exam. The allotted time to solve the 50 MCQs is 2 hours. The passing percentage is 70%. The CEPT exam covers the following pro-level domains in order to test the individual’s ability to handle penetration testing challenges.
· Penetration Testing Methodologies
· Network Attacks
· Network Reconnaissance
· Windows Shellcodes
· Linux & Unix Shellcode
· Reverse Engineering
· Buffer Overflow Vulnerabilities
· Exploit Creation – Windows Architecture
· Exploit Creation – Linux/Unix Architecture
· Web Application Vulnerabilities
PenTest+ by CompTIA
PenTest+ is an intermediate-level penetration testing certification offered by CompTIA. The certification validates the management skills (managing weaknesses), domain knowledge, and practical expertise of PenTest+ certification holders.
PenTest+ Exam Overview: The current CompTIA PenTest+ exam consists of 85 performance-based and knowledge-based questions. The duration of the exam is 165 minutes. The PenTest+ passing score is 750 points on a scale of 100-900. The exam determines the individual’s knowledge and hands-on experience in the following domains/areas.
· Planning and Scoping (Management Skills)
· Legal and Compliance Knowledge
· Vulnerability Scanning
· Penetration Testing
· Data Analysis
· Report Writing and Presentation
Certified Red Team Operations Professional (CRTOP)
CRTOP is another expert-level penetration testing certification offered by IACRB. CRTOP validates the red team skills of security professionals. The CRTOP body of knowledge consists of domains that cover the role and responsibilities of red team professionals.
CRTOP Exam Overview: The CRTOP exam consists of 50 MCQs to be solved in 2 hours. The passing score for CRTOP is 70%. The exam is based on the following seven domains to validate the red teaming skills of individuals interested in the CRTOP exam.
· Roles and Responsibilities of Red Team
· Assessment Methodology of Red Team
· Physical Reconnaissance Tools and Techniques
· Digital Reconnaissance Tools and Techniques
· Identification and Mapping Vulnerabilities
· Social Engineering Techniques
· Reporting the Red Team Assessments