OSEE is the most complicated exploit development certification. It was created by Offensive Security. The exam evaluates the content of the Advanced Windows Exploitation course (EXP-401), as well as professionals' lateral thinking and adaptability to challenges. They have 72 hours to perform a thorough pentest on vulnerable software and report it with sufficient detail, including the exploit methods employed.
OSCE3 is a certification created by Offensive Security. It is awarded to individuals who have gained the OSED, OSWE and OSEP certifications. This means that candidates have to prove they can build exploits from scratch, identify and exploit vulnerabilities in web apps, and conduct penetration testing against hardened systems, respectively.
OSCE is a certification focused on advanced penetration testing skills, created by Offensive Security. In an intense 48-hour exam, the professionals prove they can develop exploits, execute attacks and obtain administrative access. OSCEs can think outside the box and perform with persistence, even under pressure.
OSED is an exploit development certification, created by Offensive Security. It is one of three certifications that make up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing. In an intense 48-hour exam, professionals prove they can find bugs in a binary application and build an exploit from scratch, craft exploits for common security mitigations and use the technique to bypass data execution.
OSEP is a certification created by Offensive Security. Candidates have to prove they are skilled in advanced penetration testing techniques. The challenges include bypassing security mechanisms and evading defenses while executing advanced organized attacks in a focused manner.
OSWE is a certification designed to demonstrate the ability to exploit web apps, which is recommended to be obtained after OSCP. In a 48-hour exam within an isolated VPN, professionals assess and attack different web apps and operating systems. They must prove their skills by identifying vulnerabilities and then exploiting them.
OSCP is a professional certification in ethical hacking developed by Offensive Security. It is the first fully hands-on offensive information security certification in the world. It requires the professionals to prove that they have a clear understanding of the penetration testing process and lifecycle through an arduous 24-hour exam.
OSWP is the only professional certification in practical wireless attacks in the security field today. In a hands-on exam, an OSWP must prove they have the skills to do 802.11 wireless audits using open source tools.
GXPN is a certification issued by Global Information Assurance Certification (GIAC). Candidates must pass an exam proving their advanced penetration testing skills and knowledge about exploitation. These include bypassing network access control systems and using protocol fuzzing to discover weaknesses in a target system, as well as attacking and exploiting common flaws in cryptographic implementations. Completing the exam questions requires hands-on skills and the performance of tasks mimicking reality.
GPEN is a certification issued by Global Information Assurance Certification (GIAC). Candidates must pass an exam proving their advanced knowledge on the phases of pentesting, vulnerability scanning and techniques including password attacks, attacks on Azure environments, Windows privilege escalation attacks and attacks against Active Directory. Completing the exam questions requires hands-on skills and the performance of tasks mimicking reality.
eCPTX is the most advanced pentesting certification created by eLearnSecurity and is now in its second version. Individuals under evaluation must conduct a penetration test on a corporate network based on a real-world scenario. They have to apply several sophisticated methodologies, stay under the radar the entire time and give solid evidence of their findings to obtain this certification.
eWPTXv2 is a certification created by eLearnSecurity. This is the most advanced web application pentesting certification. It evaluates the candidate's skills to perform an expert-level penetration test. eWPTXv2 assesses a person's expertise in two main aspects:
Advanced reporting skills and remediation
Ability to create custom exploits when modern tools fail
eCRE is a certification created by eLearnSecurity. It certifies that the individual is capable of performing reverse engineering on Windows-based applications. Candidates have to pass a challenging theoretical exam and successfully complete a practical test where they prove their ability to analyze complex algorithms and code, and to bypass different code obfuscation methods.
eCXD is a certification created by eLearnSecurity. It tests the individual's ability to detect software vulnerabilities. In addition, it evaluates their skill to develop exploits on Linux and Windows. eCXD tests are based on real-world scenarios. Subjects under evaluation must show knowledge in advanced exploit methodologies. Moreover, they must go further by devising alternative exploitation paths.
eCPPTv2 is a certification created by eLearnSecurity. Candidates must prove their skills in using different methodologies for a thorough penetration test in a practical exam modeled after a real-world corporate network. The targets of the assessments and attacks include Windows and Linux systems and web applications. Further, the individual has to write a report that includes recommendations for remediation.
eMAPT is a certification created by eLearnSecurity. This certification is intended to be achieved by cybersecurity experts with advanced mobile application security knowledge. It evaluates the candidate's skills to perform an expert-level analysis and penetration test. To do so, they must perform manual exploitation, reverse engineering and decryption in two Android applications.
eWPTv1 is a certification created by eLearnSecurity. It is the only certification for Web Application Penetration testers that evaluates the ability to attack a target. It assesses a cybersecurity professional's web application penetration testing skills. The eWPTv1 certification assesses the expertise of a person in two main aspects:
Penetration testing processes and methodologies
Web application analysis and inspection
eCTHPv2 is a certification created by eLearnSecurity. Candidates have to prove their threat hunting and threat identification capabilities in a practical test modeled after real-world corporate network vulnerabilities. Up-to-date knowledge of advanced attack techniques, as well as proficiency in event analysis and network traffic inspection are required to complete the test successfully. In addition, candidates must prove that they can propose suitable defense strategies.
eCMAP is a certification created by eLearnSecurity. It is the most practical and professionally-oriented certification in malware analysis. In order to achieve it, candidates have to analyze a malware sample, demonstrate its functionality, write a signature that can be used to detect the malware in other systems or networks, and provide a detailed professional report.
eJPT is a certification created by eLearnSecurity. It certifies that the individual has the essential skills to conduct penetration testing. The exam is entirely hands-on, modeled after real-world scenarios. It demands actions such as vulnerability assessment of networks and web applications, manual exploitation of the latter and using Metasploit to perform attacks.
CRTL is a certification created by Zero-Point Security. To earn it, candidates must obtain all four flags on a given set of machines in an AD environment and submit them for scoring. They have 72 hours or five days to complete this. The exam demands skill mainly at building versatile, resilient and secure C2 infrastructure, writing offensive tooling and bypassing security.
CRTO is a certification created by Zero-Point Security. In order to earn it, candidates must pass a 48-hour practical examination in which they prove they can achieve multiple domain takeovers. They must be able to provide an adversarial perspective, challenging assumptions that an organization makes about its security practices, and identify areas that need improvement in its operational defense.
CRTM is a fully hands-on certification issued by Altered Security. To earn it, the person has to find vulnerabilities and then fix them. Succeeding involves skills that include abusing Windows technologies that are not targeted in most certifications, like LAPS, WSL, JEA, WDAC, ASR, CLM and MS Exchange.
CRTE is a fully hands-on certification issued by Altered Security. This certification guarantees a person with the expertise to assess the security of an unknown Windows infrastructure and recognize misconfigurations and abuses.
CRTP is a fully hands-on certification issued by Altered Security. This certification guarantees that the person has the expertise to assess the security of an Active Directory environment. Professionals compromise Active Directory by abusing features and functionalities without relying on patchable exploits.
CARTP is a fully hands-on certification issued by Altered Security. Candidates must pass a 24-hour exam. Their task is to compromise all the resources across a multi-tenant Azure environment. This certification guarantees that the person has the expertise to understand and assess the security of this type of environment.
PNPT is a certification created by TCM Security. Candidates must prove their ability to perform a network penetration test at a professional level. This involves expertly gathering OSINT and using internal and external penetration testing techniques.
CEH (Master) is a professional certification by the International Electronic Commerce Council (EC-Council). In order to earn it, candidates have to prove their expert knowledge of ethical hacking techniques and tools used by malicious hackers. Moreover, they have to prove they can use this knowledge to look for vulnerabilities in a realistic corporate network environment.
CEH (Practical) is a professional certification by the International Electronic Commerce Council (EC-Council). In order to earn it, candidates must prove their skills to perform several ethical hacking techniques. These include attack vector identification, network scanning, system and web app hacking, vulnerability exploitation, among others. This is done in a realistic corporate network environment.
CEH is a professional certification by the International Electronic Commerce Council (EC-Council). This council certifies professionals in the security discipline of ethical hacking. It is unaffiliated with any commercial entity and is considered independent and impartial.
CCRTA is a hands-on certification issued by CyberWarFare Labs. Its holders have an understanding of the MITRE ATT&CK® framework and have proved their skills in red teaming tactics, both on Linux and Windows, in one single environment. These include doing recon in internal and external enterprise infrastructure, gaining stealth, persistence and data exfiltration, and abusing web and network technologies.
C)PTC is a certification created by Mile2. In order to earn it, candidates must prove their expertise in penetration testing by exploiting zero-day vulnerabilities, bypassing security mechanisms such as ASLR and DEP, personalizing existing exploits and chaining vulnerabilities together to elevate privileges. Additionally, they must pass a theoretical exam focused on advanced penetration testing and exploitation concepts.
C)SWAE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving they know how to design and build web applications that do not have common vulnerabilities, as well as how to test and validate a web application's security, reliability and resistance.
C)PTE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving in-depth knowledge in penetration testing key elements, such as information gathering, network scanning and enumeration, vulnerability exploitation and reporting. Apart from these skills, candidates must also have advanced conceptual knowledge in technology, engineering and programming.
CompTIA PenTest+ is a certification given to cybersecurity professionals who pass a comprehensive theoretical exam, proving their vast knowledge about all the stages of penetration testing. In this exam they also have to prove their vulnerability assessment and management skills.
BSCP is a certification created by PortSwigger's Web Security Academy. Individuals awarded the BSCP demonstrate their knowledge and skills in identifying and exploiting multiple common web vulnerabilities (e.g., HTTP request smuggling, XSS, and SQL injection). In a four-hour exam (prior to which preparation and practice steps are available), they must cleverly use Burp Suite, a web application security testing toolkit developed by PortSwigger.
CCT-APP is a certification created by CREST. Candidates must pass both the theoretical and the hands-on practical examination. They must prove they have the skill to find and exploit security issues and vulnerabilities in web applications that are custom made and up to date on the recent advances in technology and security. Moreover, they must show they know how to write client reports.
CRT is a certification created by CREST. Candidates must pass both a theoretical and a practical examination, proving they have the technical knowledge and the actual skill to carry out vulnerability assessment and penetration testing. In the hands-on section, they must find the vulnerabilities across network, application and database technologies. A valid CPSA pass is a prerequisite for the CRT.
CPSA is a certification created by CREST. Candidates must pass a theoretical exam, proving basic knowledge in assessing operating systems and common network services. Additionally, the exam tests candidates' intermediate-level knowledge in web application security testing and methods to identify common web application security vulnerabilities. Moreover, candidates must understand the benefits of penetration testing for clients according to their requirements.
CAP is a certification created by The SecOps Group. Candidates have to prove their knowledge on topics related to application security in a written exam. Its questions are based on real-world scenarios. They cover mainly OWASP Top 10 vulnerabilities, business logic flaws, security misconfigurations, vulnerable components, vulnerability exploitation, best practices and defense-in-depth measures.
CNSP is a certification created by The SecOps Group. Candidates have to prove their knowledge on network security core concepts in a written exam. Its questions are based on real-world scenarios. They cover topics such as the basics of AD security, network protocols, network scanning and fingerprinting, assessment of network services, web servers and frameworks, and basic malware analysis.