12 Penetration Testing Certification Options To Know | Built In

These cybersecurity credentials prove you’re a hacker with a heart of gold.

Penetration testing is a lot like hacking. Both involve scanning devices, software and wireless networks for tiny security vulnerabilities. The only difference is the underlying intentions: penetration testers work for tech companies, reporting any cybersecurity issues so they can get patched. Hackers intend to hack, and penetration testers intend to help.

The line between the two is porous though. A multitude of hackers have parlayed major hacks into job offers. What better way to prove you’ll be a strong penetration tester than to actually penetrate a high-profile, allegedly “secure” system?

Well — there actually might be a better way. A history of hacking shows talent but seeds trust issues. A penetration testing certification offers another path — a way to show practical ability, but in a simulated environment that doesn’t embarrass prospective employers. Below, we’ve rounded up the 12 top penetration testing certification options.

The Global Information Assurance Certification, or GIAC, offers a variety of penetration tester certifications that range from general to hyper-specialized. Each one requires participants to pass a proctored exam, available at Pearson VUE’s 3,500 testing centers worldwide. (Students can also find their own proctors.) To prepare, students can enroll in GIAC prep courses at the SANS Institute, a prominent cybersecurity training institution.

This pentest certification covers a mix of security strategies and penetration testing fundamentals. The exam requires an understanding of the mechanics of denial-of-service attacks, client attacks and other popular attack modes, plus the specific techniques and tools hackers use to execute them. At the same time, test-takers should know how to prevent and contain these attacks. All told, the certification exam takes four hours and consists of over 100 questions — some multiple choice, others lab-based.

This certification focuses on cybersecurity for enterprise IT systems, whose size, scale and 24/7 activity require unique assessment methods. The two-hour, 75-question certification exam focuses on assessment techniques like network scanning and PowerShell scripting, plus appropriate vulnerability assessment frameworks. Test-takers should also know how to appropriately resolve and report security issues when they occur.

This certification means a penetration tester can exploit the slightest gap in wireless network security with fuzzing attacks, Bluetooth attacks, high-frequency RFID attacks and much more. The certification exam requires not only familiarity with how these attacks work, but also expertise on how to identify and defend against them. The certification exam consists of 75 questions and takes two hours.

This penetration testing certification focuses on smartphone, tablet and app security, a complicated and still-evolving field. (Even on relatively secure iPhones, apps can feed data to thousands of third-party trackers in a single week.) To pass the 75-question exam, which lasts two hours, test-takers should know how hackers unlock and root mobile devices on various operating systems. They should also know how to protect data on stolen and malware-infected devices.

This certification focuses on the unique challenges of web apps. Not quite mobile apps, and not quite traditional websites, these responsive creations adapt to the user’s device and often face attacks like cross-site request forgery, client injections, authentication attacks and more. The exam runs two to three hours with as few as 82 and as many as 115 questions. Users need deep knowledge of possible attacks and related penetration testing techniques.

This certification assesses general penetration testing expertise, with an emphasis on process. The three-hour, 82-question certification exam covers the three key stages of an exploit: reconnaissance, attack and escalation. The questions cover a handful of specific attack styles, too, like password attacks and web application injection attacks.

This pentest certification focuses on advanced penetration testing techniques — think fuzzing, shellcode scripting and exploiting stack overflows. Composed of 60 questions, the three-hour certification exam focuses primarily on network exploits and attacks on Linux and Windows systems. It also touches on the ability of penetration testers to communicate the value of what they do in business terms.

The EC-Council, also known as the International Council of E-Commerce Consultants, has certified more than 20,000 tech professionals working at companies like Microsoft and IBM, and received endorsements from federal agencies including the NSA. Students can take their penetration tester certification exams at a variety of testing centers and prep for them in digital and in-person training sessions administered by the council.

This certification requires test-takers to pass a four-hour, multiple-choice exam on the fundamentals of penetration testing. Though the test is never the same twice — the 125 questions are always pulled randomly from a variety of question banks — it can cover topics like malware, session hijacking, SQL injection, cryptography and more. The exam can be taken in a physical testing center, or remotely with a digital proctor. To be eligible for it, students either need to have taken the EC-Council prep course or have two years of on-the-job cybersecurity experience.

To attain this penetration tester certification, people who have already passed the Certified Ethical Hacker exam must pass an additional six-hour practical exam. It consists of 20 timed, hands-on challenges, which could involve packet sniffing, OS banner grabbing and leveraging of computer worms and malware. Test-takers must complete their challenges on live networks almost indistinguishable from real enterprise networks. An extra dose of realism: the exam, like life, is open-book.

This certification, the most rigorous the EC-Council offers, takes multiple days. Test-takers can opt for either a 24-hour exam or to take the exam in two 12-hour components. They are set loose in a variety of sophisticated, multi-layered networks, all rooted in impressive hardware: 180 machines with more than 4,000 GB of storage. The exam consists of nine challenges in which test-takers must use techniques like multi-level pivoting, SSH tunneling and privilege escalation to evade the elaborate security and militarized zones.

This certification’s 165-minute exam requires an impressive breadth of penetration testing knowledge. Composed of up to 85 questions, it asks test-takers to pinpoint security vulnerabilities in traditional desktops and servers as well as mobile and cloud environments. Practical skills emphasized throughout include the ability to analyze Python and Bash code, or exploit vulnerabilities in apps and Bluetooth connections.

This certification in penetration testing with Kali Linux culminates in a grueling practical exam. Just like some real-world cybersecurity crises, it lasts a full 24 hours and focuses on a simulated penetration test on Offensive Security’s isolated VPN. To pass, test-takers must demonstrate knowledge of client-side and remote attacks. Along the way, they might need to exploit buffer overflows, evade antivirus protections and tunnel through firewalls. Ultimately, though, like most penetration testing simulations, this exam rewards quick and creative thinking.