
What’s the Best Certification? II

Brief reviews on advanced certifications

By Felipe Zárate | July 21, 2021 | Category: Opinions

Our previous blog post reviewed each beginner and intermediate certificate that our Red Team has achieved over the years. The goal, of course, was to provide basic information, advice and recommendations to those who are considering obtaining one of these certificates but do not know precisely which one. Following that format, we will continue by (a) describing the difficulty level of the certificates, (b) explaining for whom they are intended, and (c) illustrating what kind of knowledge, both practical and theoretical, must be acquired to be certified.

On this occasion, we have grouped the most difficult certificates designed for skillful pentesters. In this regard, it is expected that people seeking to obtain them have experience in this field. Even if it is not necessary, it is also likely that they have obtained the certificates described in our blog post What’s the Best Certification? I.

Figure 1. Logo by Offensive Security

Offensive Security Web Expert (OSWE)

Granted by Offensive Security.
It is an intermediate-level certification. It is one of the three certifications required to obtain the OSCE. It verifies a candidate's ability to "perform a deep analysis on decompiled web app source code." This exam requires experience as a pentester to better understand "white box web app pentesting." For some, it is an examination "focusing on abusing password reset functionality and showing how certain implementations can be insecure." Like other intermediate certificates we have reviewed, this exam lasts 48 hours. You have an additional 24 hours to prepare and upload the required documentation. Like the other two certificates needed to obtain the OSCE, this certificate does not expire.

Offensive Security Exploit Developer (OSED)

Granted by Offensive Security.
In a past blog, we interviewed Óscar Uribe, one of our security analysts, about his experience obtaining this certificate.

It is an intermediate-level exam. OSED is usually done after the Offensive Security Certified Professional (OSCP). It is considered the end of Offensive Security’s triad of certifications before facing the Offensive Security Certified Expert (OSCE). To obtain the OSED, it is necessary to pass a 48-hour exam, like most intermediate-level exams. Additionally, you have 24 hours available to write and submit the report that accompanies the practical test. This exam focuses on testing reverse engineering techniques aimed at creating custom exploits and bypassing security mitigations. Although not part of the course requirements, it is often recommended to have experience reading and understanding C code at a basic level. In addition, it is suggested to have the "ability to read and understand 32-bit Assembly code at a basic level."

eLearnSecurity Web Application Penetration Tester (eWPTv1)

Granted by eLearnSecurity.
In a past blog, we interviewed Andres Roldan, our Offensive Team Leader, about his experience obtaining this certificate.

It is an advanced certificate. If the Certified Red Team Expert (CRTE) took pentesting skills to the next level, the eWPTv1 demands complete mastery of pentester skills. It is considered one of "the most advanced and hands-on training path[s] on web application penetration testing in the market." To obtain it, candidates must have had experience working in web application security. A crucial examination point is a detailed report required after completing the practical section. In this sense, this certification demands excellent skills to attack the vulnerabilities of a system and also verifies the candidate’s full understanding of the steps followed during the attack.

eLearnSecurity Mobile Application Penetration Tester (eMAPT)

Granted by eLearnSecurity.
It’s an advanced-level certificate. As its name suggests, it is designed for experts who want to test "advanced mobile application security knowledge through a scenario-based exam." This makes it a unique certificate among all we have reviewed. Until now, no certificate has been specific to mobile application security aspects. It is an entirely hands-on exam and focuses on the analysis of Android application architecture. The candidate will be challenged with two Android applications that they will have "to analyze and pentest." To do so, the candidate must "write an Android application that exploits vulnerabilities," which is usually one of the most challenging parts of the exam. Additionally, it has a section dedicated to making a professional report on what has been done in the practical section. Like other eLearnSecurity exams, it is up to the candidate to take the course (INE training) or take the exam confident in their experience in the field.

eLearnSecurity Web application Penetration Tester eXtreme (eWPTXv2)

Granted by eLearnSecurity.
It is a very advanced certificate. It’s more complex than the eWPTv1. In fact, eLearnSecurity touts it as "our most advanced web application pentesting certification." The report that candidates must submit should be much more complete than the one they presented in the eWPTv1. In a sense, it has to be more "professional" than the report in eWPTv1, approaching "writing a commercial-grade penetration testing report[s]." The practical test focuses on a penetration test on a corporate network created from real scenarios. The whole exam targets web application analysis, advanced abilities to bypass XSS and SQLi filters, and custom exploit creation skills. Both this test and the eWPTv1 last 48 hours.

Offensive Security Certified Expert (OSCE)

Granted by Offensive Security.
In a past blog, we interviewed Andres Roldan, our Offensive Team Leader, about his experience obtaining this certificate.

It is a very advanced certificate. It is the only one on our list that is on par with the eWPTXv2. The OSCE can be achieved after obtaining the three previous Offensive Security certificates (OSED, OSWE, OSEP). However, the same company that awards it also suggests "going for this cert after attaining your OSCP." The OSCE certifies that the candidate knows how to discover vulnerabilities using fuzzing rather than reverse engineering (which, as we have already said, is what the OSED covers). Unlike the other three Offensive Security certificates, the OSCE focuses on three areas: web, pentesting and exploit development. This test does not require a report. In our Offensive Team Leader's experience, the necessary preparation should be at least nine hours a day studying for fifty days. Despite being one of the most challenging certificates to obtain, it is one step below the famous OSEE, one of the most difficult in the world.

Figure 2. Logo by eLearn Security

With this, we have covered every certificate we have obtained to date and, therefore, reached the end of our review. We hope it has been helpful. We will advocate for continuing to publish this kind of post as we obtain more certificates.

We at Fluid Attacks do not stop in our mission to offer the best Red Team to our clients. That’s why we are constantly facing new challenges and strengthening our Ethical Hacking skills. For more information, do not hesitate to contact us!