With COVID, the digital transformation of our lives accelerated beyond expectations. Billions of people are now working, shopping, learning, and socializing online. This sudden shift also attracted cybercriminals who target organizations and end users. As a result, the change also made cybersecurity professional one of the most popular jobs in the market.
Although there are thousands of free online courses and lessons about cybersecurity, most employers only hire candidates with well-known certifications in this field. Achieving a prestigious certificate early in your career may help you find your dream job and reach your goals even faster. So let’s take a close look at some cybersecurity certifications that can help you with your cybersecurity career.
Offensive Security Certified Professional (OSCP)

Exam type | Proctored practical exam |
Exam duration | 24 hours |
Exam validity | Forever |
Passing score | 70 points |
Exam cost | $999 |
The official OSCP (Offensive Security Certified Professional) certification is issued by Offensive Security, the creators of the Kali Linux distribution. The program, also known as PEN-200, allows attendees to learn at their own pace with flexible subscription options. The popular certification program mainly focuses on Penetration Testing with Kali Linux. It also allows attendees to test their skills with exam machines in a lab environment.
The Offensive Security Certified Professional program includes lessons about penetration testing tools and required techniques with a hands-on approach. The course also aims to teach the mindset required to be a successful penetration tester. Attendees who succeed in the exam earn the coveted Offensive Security Certified Professional (OSCP) certification. The certification is one of the most essential ones for infosec professionals, pentesters, cybersecurity specialists, and network administrators. The OSCP exam cost starts from $999, depending on the lab access duration.
Prerequisites of Offensive Security Certified Professional (OSCP)
- Solid understanding of TCP/IP networking
- Reasonable Windows and Linux administration experience
- Familiarity with basic Bash and/or Python scripting
Certified Expert Penetration Tester (CEPT)

Exam type | 50 questions multiple choice and three-step practical examination |
Exam duration | 2 hours |
Exam validity | Four years |
Passing score | 70% |
Exam cost | $499 per exam |
The CEPT (Certified Expert Penetration Tester) certification is designed for attendees who have expert-level knowledge and skills in penetration testing. The certification, issued by IACRB, a not-for-profit organization, includes 9 domains related to the job duties of expert-level penetration testers: Penetration Testing Methodologies, Network Attacks, Network Recon, Windows Shellcode, Linux & Unix Shellcode, Reverse Engineering, Memory Corruption/Buffer Overflow Vulnerabilities, Exploit Creation – Windows Architecture, Exploit Creation – Linux/Unix Architecture, and Web Application Vulnerabilities.
During the exam, attendees should demonstrate their penetration testing skills in a two-part exam. The first part consists of 50 multiple-choice questions, chosen randomly from a list of questions. Candidates must answer 70% of the questions correctly to pass the multiple-choice exam. The second part includes a three-step practical examination. The CEPT exam costs $499 per exam.
CompTIA PenTest+

Exam type | Performance-based and multiple choice, 85 questions |
Exam duration | 165 minutes |
Exam validity | Three years |
Passing score | 750 (on a scale of 100-900) |
Exam cost | $370 |
CompTIA’s PenTest+ certification covers all penetration testing stages by using both performance-based and knowledge-based questions. PenTest+ doesn’t only include vulnerability assessment, scanning, and analysis, but also focuses on planning, scoping, and managing weaknesses. Candidates who want to pass the exam should demonstrate their skills in cloud and hybrid environments, web applications, the Internet of Things, and on-premises environments.
PenTest+, compliant with ISO 17024 and approved by the US DoD, covers the latest techniques against expanded attack surfaces. Candidates must score 750, on a scale of 100 to 900, to pass the exam, which includes 85 performance-based and knowledge-based questions. The CompTIA PenTest+ exam costs $370.
Prerequisites of CompTIA PenTest+
- Network+, Security+ or equivalent knowledge.
- Minimum of 3-4 years of hands-on information security or related experience.
GIAC Penetration Tester (GPEN)

Exam type | 1 proctored exam, 82 questions |
Exam duration | 3 hours |
Exam validity | Four years |
Passing score | 75% |
Exam cost | $2499 |
The GIAC Penetration Tester certification (GPEN), issued by GIAC Certifications, validates an IT professional’s ability to conduct a penetration test properly. To earn the certificate, candidates must have the knowledge and skill to conduct exploits and handle penetration testing projects with a process-oriented approach. The certification program covers pen test planning, scoping, and recon, as well as scanning, exploitation, post-exploitation, pivoting, password attacks, and web app pen-testing.
GIAC Penetration Tester is designed for network and system security personnel, penetration testers, ethical hackers, red team members, blue team members, defenders, auditors, and forensic specialists. The program also offers hands-on, real-world practical testing with CyberLive, a lab environment created by GIAC to allow candidates to prove their knowledge, understanding, and skill with actual programs, actual code, and virtual machines. The passing score for the 3-hour exam is 75% for all candidates. The GIAC Penetration Tester exam costs $2499.
GIAC Web Application Penetration Tester (GWAPT)

Exam type | 1 proctored exam, 82-115 questions |
Exam duration | 2-3 hours |
Exam validity | Four years |
Passing score | 71% |
Exam cost | $2499 |
The GIAC Web Application Penetration Tester certification, aka GWAPT, is also issued by GIAC Certifications. The program validates the candidates’ ability in penetration testing and understanding of security issues that can be found in web applications. To achieve the certificate, candidates must demonstrate their knowledge related to web application exploits and penetration testing.
The GIAC Web Application Penetration Tester covers web applications, authentication attacks, configuration testing, web application session management, SQL injection, testing tools, cross-site request forgery and scripting, client injection attacks, and reconnaissance and mapping. GWAPT is designed for security practitioners, penetration testers, ethical hackers, web application developers, website designers, and architects. GWAPT also allows candidates to try their skills in a lab environment, CyberLive, which is also developed by GIAC. The passing score for the 82-115 question exam is 71% for all candidates. The GWAPT exam costs $2499.
Licensed Penetration Tester (Master) (LPT)

Exam type | Proctored practical exam |
Exam duration | Either two 12-hour sessions or a single 24-hour exam |
Exam validity | Three years |
Passing score | 70% for CPENT and 90% for LPT (Master) |
Exam cost | $999 |
The LPT (Licensed Penetration Tester (Master)) certification, issued by EC-Council, validates candidates’ penetration testing skills against a multi-layered network architecture with defense-in-depth controls. Candidates will need to maneuver web applications and host penetration testing tools to complete the challenges. The course, which is a part of EC-Council’s Certified Penetration Testing Professional (CPENT), includes advanced Windows attacks, attacking IoT systems, and writing exploits with advanced binary exploitation.
Candidates can choose either a single 24-hour exam or two 12-hour sessions for the exam. While scoring 70% is enough to become a CPENT, candidates who score at least 90% can earn the LPT (Master) designation. The exam includes multiple advanced penetration testing concepts, including fuzzing, PowerShell scripting, BASH, Python, Perl, and Ruby environments, scripting, and mobile device penetration testing. The Licensed Penetration Tester exam costs $999.
Advanced Web Attacks and Exploitation (AWAE)

Exam type | Proctored practical exam |
Exam duration | 48 hours |
Exam validity | Forever |
Passing score | 85 (0-100) |
Exam cost | $1299 |
AWAE (Advanced Web Attacks and Exploitation), also known as WEB-300, is a popular certification issued by Offensive Security, the creators of Kali Linux. The program includes the technical knowledge to conduct white box web app penetration tests. Candidates who pass the test earn the Offensive Security Web Expert (OSWE) certification, which demonstrates their ability in exploiting front-facing web apps.
The course aims to teach candidates how to perform an analysis on web app source code, identify vulnerabilities that scanners can’t detect, combine logical vulnerabilities to create a proof of concept, and exploit vulnerabilities with complex attacks. The course is designed for experienced penetration testers, web application security specialists, and professionals working with the codebase and security infrastructure. The course also offers a hands-on approach with an online lab. The Advanced Web Attacks and Exploitation exam cost starts from $1299.
Prerequisites of Advanced Web Attacks and Exploitation (AWAE)
- Comfort reading and writing at least one coding language
- Familiarity with Linux
- Ability to write simple Python / Perl / PHP / Bash scripts
- Experience with web proxies
- General understanding of web app attack vectors, theory, and practice