Certifications

OSEE is the most complicated exploit development certification. It was created by Offensive Security. The exam evaluates the content of the Advanced Windows Exploitation course (EXP-401), as well as professionals' lateral thinking and adaptability to challenges. They have 72 hours to perform a thorough pentest on vulnerable software and report it with sufficient detail, including the exploit methods employed.

OSED is an exploit development certification, created by Offensive Security. It is one of three certifications that make up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing. In an intense 48-hour exam, professionals prove they can find bugs in a binary application and build an exploit from scratch, craft exploits for common security mitigations and use the technique to bypass data execution.

OSWE is a certification designed to demonstrate the ability to exploit web apps, which is recommended to be obtained after OSCP. In a 48-hour exam within an isolated VPN, professionals assess and attack different web apps and operating systems. They must prove their skills by identifying vulnerabilities and then exploiting them.

OSWP is the only professional certification in practical wireless attacks in the security field today. In a hands-on exam, an OSWP must prove they have the skills to do 802.11 wireless audits using open source tools.

OSCP is a professional certification in ethical hacking developed by Offensive Security. It is the first fully hands-on offensive information security certification in the world. It requires the professionals to prove that they have a clear understanding of the penetration testing process and lifecycle through an arduous 24-hour exam.

OSEP is a certification created by Offensive Security. Candidates have to prove they are skilled in advanced penetration testing techniques. The challenges include bypassing security mechanisms and evading defenses while executing advanced organized attacks in a focused manner.

OSCE is a certification focused on advanced penetration testing skills, created by Offensive Security. In an intense 48-hour exam, the professionals prove they can develop exploits, execute attacks and obtain administrative access. OSCEs can think outside the box and perform with persistence, even under pressure.

OSCE3 is a certification created by Offensive Security. It is awarded to individuals who have gained the OSED, OSWE and OSEP certifications. This means that candidates have to prove they can build exploits from scratch, identify and exploit vulnerabilities in web apps, and conduct penetration testing against hardened systems, respectively.

The Certified Red Teaming Expert is a fully hands-on certification given by the Pentester Academy. This certification guarantees a person with the expertise to assess the security of an unknown Windows infrastructure and recognize misconfigurations and abuses.

The Certified Red Team Professional is a fully hands-on certification given by the Pentester Academy. This certification guarantees that the person has the expertise to assess the security of an Active Directory environment. Professionals compromise Active Directory by abusing features and functionalities without relying on patchable exploits.

eMAPT is a certification created by eLearnSecurity. This certification is intended to be achieved by cybersecurity experts with advanced mobile application security knowledge. It evaluates the candidate's skills to perform an expert-level analysis and penetration test. To do so, they must perform manual exploitation, reverse engineering and decryption in two Android applications.

eWPTv1 is a certification created by eLearnSecurity. It is the only certification for Web Application Penetration testers that evaluates the ability to attack a target. It assesses a cybersecurity professional's web application penetration testing skills. The eWPTv1 certification assesses the expertise of a person in two main aspects:

  • Penetration testing processes and methodologies

  • Web application analysis and inspection

eWPTXv2 is a certification created by eLearnSecurity. This is the most advanced web application pentesting certification. It evaluates the candidate's skills to perform an expert-level penetration test. eWPTXv2 assesses a person's expertise in two main aspects:

  • Advanced reporting skills and remediation

  • Ability to create custom exploits when modern tools fail

eCXD is a certification created by eLearnSecurity. It tests the individual's ability to detect software vulnerabilities. In addition, it evaluates their skill to develop exploits on Linux and Windows. eCXD tests are based on real-world scenarios. Subjects under evaluation must show knowledge in advanced exploit methodologies. Moreover, they must go further by devising alternative exploitation paths.

eCPTX is the most advanced pentesting certification created by eLearnSecurity and is now in its second version. Individuals under evaluation must conduct a penetration test on a corporate network based on a real-world scenario. They have to apply several sophisticated methodologies, stay under the radar the entire time and give solid evidence of their findings to obtain this certification.

eCRE is a certification created by eLearnSecurity. It certifies that the individual is capable of performing reverse engineering on Windows-based applications. Candidates have to pass a challenging theoretical exam and successfully complete a practical test where they prove their ability to analyze complex algorithms and code, and to bypass different code obfuscation methods.

eCMAP is a certification created by eLearnSecurity. It is the most practical and professionally-oriented certification in malware analysis. In order to achieve it, candidates have to analyze a malware sample, demonstrate its functionality, write a signature that can be used to detect the malware in other systems or networks, and provide a detailed professional report.

eCTHPv2 is a certification created by eLearnSecurity. Candidates have to prove their threat hunting and threat identification capabilities in a practical test modeled after real-world corporate network vulnerabilities. Up-to-date knowledge of advanced attack techniques, as well as proficiency in event analysis and network traffic inspection are required to complete the test successfully. In addition, candidates must prove that they can propose suitable defense strategies.

CEH is a professional certification by the International Electronic Commerce Council (EC-Council). This council certifies professionals in the security discipline of ethical hacking. It is unaffiliated with any commercial entity and is considered independent and impartial.

CompTIA is an international certification. It was created by Computing Technology Industry Association. It certifies that the candidate has the knowledge to install systems to protect applications. The candidate can assess the security posture of an enterprise environment. They can recommend and implement appropriate security solutions. Further, they can monitor and secure hybrid environments, including cloud, mobile and IoT.

The CDP credential validates the practical expertise to understand, implement and manage the DevSecOps program in a firm. A CDP can assess the current state of DevSecOps, embed security as part of DevOps, manage vulnerabilities and improve the overall maturity level.

ISO27001 is an international certification. It evaluates the candidate's expertise to perform an Information Security Management System audit. To do so, it applies audit principles, procedures and techniques.

C)ISSO is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving their knowledge in a large variety of information security areas, which enables them, among other things, to participate in risk assessments, identify cybersecurity problems, advise senior leadership, manage threats and define policies to ensure protection of critical infrastructure.

C)PTE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving in-depth knowledge in penetration testing key elements, such as information gathering, network scanning and enumeration, vulnerability exploitation, and reporting. Apart from these skills, candidates must also have advanced conceptual knowledge in technology, engineering and programming.

C)SWAE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving they know how to design and build web applications that do not have common vulnerabilities, as well as how to test and validate a web application's security, reliability and resistance.