OSEE is the most complicated exploit development certification. It was created by Offensive Security. The exam evaluates the content of the Advanced Windows Exploitation course (EXP-401), as well as professionals' lateral thinking and adaptability to challenges. They have 72 hours to perform a thorough pentest on vulnerable software and report it with sufficient detail, including the exploit methods employed.
OSCE is a certification focused on advanced penetration testing skills, created by Offensive Security. In an intense 48-hour exam, the professionals prove they can develop exploits, execute attacks, and obtain administrative access. OSCEs can think outside the box and perform with persistence, even under pressure.
OSED is an exploit development certification, created by Offensive Security (OffSec). It is one of three certifications that make up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing. In an intense 48-hour exam, professionals prove they can find bugs in a binary application and build an exploit from scratch, craft exploits for common security mitigations and use the technique to bypass data execution.
OSWE is a certification designed to demonstrate the ability to exploit web apps, which is recommended to be obtained after OSCP. In a 48-hour exam within an isolated VPN, professionals assess and attack different web apps and operating systems. They must prove their skills by identifying vulnerabilities and then exploiting them.
OSWP is the only professional certification in practical wireless attacks in the security field today. In a hands-on exam, an OSWP must prove they have the skills to do 802.11 wireless audits using open source tools.
OSCP is a professional certification in ethical hacking developed by Offensive Security. It is the first fully hands-on offensive information security certification in the world. It requires the professionals to prove that they have a clear understanding of the penetration testing process and lifecycle through an arduous 24-hour exam.
The Certified Red Teaming Expert (CRTE) is a fully hands-on certification given by the Pentester Academy. This certification guarantees a person with the expertise to assess the security of an unknown Windows infrastructure and recognize misconfigurations and abuses.
The Certified Red Team Professional (CRTP) is a fully hands-on certification given by the Pentester Academy. This certification guarantees that the person has the expertise to assess the security of an Active Directory environment. Professionals compromise Active Directory by abusing features and functionalities without relying on patchable exploits.
eWPTv2 is a certification created by eLearnSecurity. This is the most advanced web application pentesting certification. It evaluates the candidate’s skills to perform an expert-level penetration test. eWPTv2 assesses a person’s expertise in two main aspects:
-
Advanced reporting skills and remediation
-
Ability to create custom exploits when modern tools fail
eMAPT is a certification created by eLearnSecurity. This certification is intended to be achieved by cybersecurity experts with advanced mobile application security knowledge. It evaluates the candidate’s skills to perform an expert-level analysis and penetration test. To do so, candidates must perform manual exploitation, reverse engineering and decryption in two Android applications.
eWPTv1 is a certification created by eLearnSecurity. It is the only certification for Web Application Penetration testers that evaluates the ability to attack a target. It assesses a cybersecurity professional’s web application penetration testing skills. The eWPTv1 certification assesses the expertise of a person in two main aspects:
-
Penetration testing processes and methodologies
-
Web application analysis and inspection
eCXD is a certification created by eLearnSecurity. It tests the individual’s ability to detect software vulnerabilities. In addition, it evaluates their skill to develop exploits on Linux and Windows. eCXD tests are based on real-world scenarios. Subjects under evaluation must show knowledge in advanced exploit methodologies. Moreover, they must go further by devising alternative exploitation paths.
eCPTX is the most advanced pentesting certification created by eLearnSecurity, which is now in its second version. Individuals under evaluation must conduct a penetration test on a corporate network based on a real-world scenario. They have to apply several sophisticated methodologies, stay under the radar the entire time, and give solid evidence of their findings to obtain this certification.
CEH is a professional certification by the International Electronic Commerce Council (EC-Council). This council certifies professionals in the security discipline of ethical hacking. It is unaffiliated with any commercial entity and is considered independent and impartial.
CompTIA is an international certification. It was created by Computing Technology Industry Association. It certifies that the candidate has the knowledge to install systems to protect applications. The candidate can assess the security posture of an enterprise environment. She can recommend and implement appropriate security solutions. And she can monitor and secure hybrid environments, including cloud, mobile, and IoT.
The CDP credential validates the practical expertise to understand, implement and manage the DevSecOps program in a firm. A CDP can assess the current state of DevSecOps, embed security as part of DevOps, manage vulnerabilities and improve the overall maturity level.
ISO27001 is an international certification. It evaluates the candidate’s expertise to perform an Information Security Management System audit. To do so, it applies audit principles, procedures and techniques.