OSEE is the most complicated exploit development certification. It was created by OffSec. The exam evaluates the content of the Advanced Windows Exploitation course (EXP-401), as well as professionals' lateral thinking and adaptability to challenges. They have 72 hours to perform a thorough pentest on vulnerable software and report it with sufficient detail, including the exploit methods employed.
OSCE3 is a certification created by OffSec. It is awarded to individuals who have gained the OSED, OSWE and OSEP certifications. This means that candidates have to prove they can build exploits from scratch, identify and exploit vulnerabilities in web apps, and conduct penetration testing against hardened systems, respectively.
OSCE is a retired certification focused on advanced penetration testing skills, created by OffSec. In an intense 48-hour exam, the professionals proved they can develop exploits, execute attacks and obtain administrative access. OSCEs can think outside the box and perform with persistence, even under pressure.
OSED is an exploit development certification, created by OffSec. It is one of three certifications that make up the new OSCE3 certification, along with the OSWE for web application security and the OSEP for penetration testing. In an intense 48-hour exam, professionals prove they can find bugs in a binary application and build an exploit from scratch, craft exploits for common security mitigations and use the technique to bypass data execution.
OSWE is a certification designed to demonstrate the ability to exploit web apps, which is recommended to be obtained after OSCP. In a 48-hour exam within an isolated VPN, professionals assess and attack different web apps and operating systems. They must prove their skills by identifying vulnerabilities and then exploiting them.
OSCP is a professional certification in ethical hacking developed by OffSec. It is the first fully hands-on offensive information security certification in the world. It requires the professionals to prove that they have a clear understanding of the penetration testing process and lifecycle through an arduous 24-hour exam.
OSWP is the only professional certification in practical wireless attacks in the security field today. In a hands-on exam, an OSWP must prove they have the skills to do 802.11 wireless audits using open source tools.
GXPN is a certification issued by GIAC Certifications. Candidates must pass an exam proving their advanced penetration testing skills and knowledge about exploitation. These include bypassing network access control systems and using protocol fuzzing to discover weaknesses in a target system, as well as attacking and exploiting common flaws in cryptographic implementations. Completing the exam questions requires hands-on skills and the performance of tasks mimicking reality.
GWAPT is a certification issued by GIAC Certifications. Candidates must pass an exam proving their advanced skills in creating exploits for vulnerabilities in web applications. This involves their understanding of attacks such as SQL injection, XSS and CSRF to leverage flaws mainly in authentication mechanisms and configurations. Completing the exam questions requires hands-on skills and the performance of tasks mimicking reality.
GPEN is a certification issued by GIAC Certifications. Candidates must pass an exam proving their advanced knowledge on the phases of pentesting, vulnerability scanning and techniques including password attacks, attacks on Azure environments, Windows privilege escalation attacks and attacks against Active Directory. Completing the exam questions requires hands-on skills and the performance of tasks mimicking reality.
eCPTX was the most advanced pentesting certification created by INE Security and was earned by our team in its second version before it was retired. Individuals under evaluation had to conduct a penetration test on a corporate network based on a real-world scenario. They had to apply several sophisticated methodologies, stay under the radar the entire time and give solid evidence of their findings to obtain this certification.
eWPTXv2 is a certification created by INE Security. This is the most advanced web application pentesting certification. It evaluates the candidate's skills to perform an expert-level penetration test. eWPTXv2 assesses a person's expertise in two main aspects:
Advanced reporting skills and remediation
Ability to create custom exploits when modern tools fail
eCRE is a now retired certification created by INE Security. It certifies that the individual is capable of performing reverse engineering on Windows-based applications. Candidates have to pass a challenging theoretical exam and successfully complete a practical test where they prove their ability to analyze complex algorithms and code, and to bypass different code obfuscation methods.
eCXD is a now retired certification created by INE Security. It tested the individual's ability to detect software vulnerabilities. In addition, it evaluated their skill to develop exploits on Linux and Windows. eCXD tests were based on real-world scenarios. Subjects under evaluation had to show knowledge in advanced exploit methodologies. Moreover, they had to go further by devising alternative exploitation paths.
eCPPTv2 is a certification created by INE Security. Candidates must prove their skills in using different methodologies for a thorough penetration test in a practical exam modeled after a real-world corporate network. The targets of the assessments and attacks include Windows and Linux systems and web applications. Further, the individual has to write a report that includes recommendations for remediation.
eMAPT is a certification created by INE Security. This certification is intended to be achieved by cybersecurity experts with advanced mobile application security knowledge. It evaluates the candidate's skills to perform an expert-level analysis and penetration test. To do so, they must perform manual exploitation, reverse engineering and decryption in two Android applications.
eWPTv1 is a certification created by INE Security. It is the only certification for Web Application Penetration testers that evaluates the ability to attack a target. It assesses a cybersecurity professional's web application penetration testing skills. The eWPTv1 certification assesses the expertise of a person in two main aspects:
Penetration testing processes and methodologies
Web application analysis and inspection
eCTHPv2 is a certification created by INE Security. Candidates have to prove their threat hunting and threat identification capabilities in a practical test modeled after real-world corporate network vulnerabilities. Up-to-date knowledge of advanced attack techniques, as well as proficiency in event analysis and network traffic inspection are required to complete the test successfully. In addition, candidates must prove that they can propose suitable defense strategies.
eCMAP is a now retired certification created by INE Security. It was the most practical and professionally-oriented certification in malware analysis. In order to achieve it, candidates had to analyze a malware sample, demonstrate its functionality, write a signature that can be used to detect the malware in other systems or networks, and provide a detailed professional report.
eJPT is a certification created by INE Security. It certifies that the individual has the essential skills to conduct penetration testing. The exam is entirely hands-on, modeled after real-world scenarios. It demands actions such as vulnerability assessment of networks and web applications, manual exploitation of the latter and using Metasploit to perform attacks.
Red Team Lead is a certification created by Zero-Point Security. To earn it, candidates must obtain all four flags on a given set of machines in an AD environment and submit them for scoring. They have 72 hours or five days to complete this. The exam demands skill mainly at building versatile, resilient and secure C2 infrastructure, writing offensive tooling and bypassing security.
Red Team Operator is a certification created by Zero-Point Security. In order to earn it, candidates must pass a 48-hour practical examination in which they prove they can achieve multiple domain takeovers. They must be able to provide an adversarial perspective, challenging assumptions that an organization makes about its security practices, and identify areas that need improvement in its operational defense.
CRTM is a fully hands-on certification issued by Altered Security. To earn it, the person has to find vulnerabilities and then fix them. Succeeding involves skills that include abusing Windows technologies that are not targeted in most certifications, like LAPS, WSL, JEA, WDAC, ASR, CLM and MS Exchange.
CRTE is a fully hands-on certification issued by Altered Security. This certification guarantees a person with the expertise to assess the security of an unknown Windows infrastructure and recognize misconfigurations and abuses.
CRTP is a fully hands-on certification issued by Altered Security. This certification guarantees that the person has the expertise to assess the security of an Active Directory environment. Professionals compromise Active Directory by abusing features and functionalities without relying on patchable exploits.
CARTP is a fully hands-on certification issued by Altered Security. Candidates must pass a 24-hour exam. Their task is to compromise all the resources across a multi-tenant Azure environment. This certification guarantees that the person has the expertise to understand and assess the security of this type of environment.
PNPT is a certification created by TCM Security. Candidates must prove their ability to perform a network penetration test at a professional level. This involves expertly gathering OSINT and using internal and external penetration testing techniques.
CEH (Master) is a professional certification by the International Electronic Commerce Council (EC-Council). In order to earn it, candidates have to prove their expert knowledge of ethical hacking techniques and tools used by malicious hackers. Moreover, they have to prove they can use this knowledge to look for vulnerabilities in a realistic corporate network environment.
CEH (Practical) is a professional certification by the International Electronic Commerce Council (EC-Council). In order to earn it, candidates must prove their skills to perform several ethical hacking techniques. These include attack vector identification, network scanning, system and web app hacking, vulnerability exploitation, among others. This is done in a realistic corporate network environment.
CEH is a professional certification by the International Electronic Commerce Council (EC-Council). This council certifies professionals in the security discipline of ethical hacking. It is unaffiliated with any commercial entity and is considered independent and impartial.
CCRTA is a hands-on certification issued by CyberWarFare Labs. Its holders have an understanding of the MITRE ATT&CK® framework and have proved their skills in red teaming tactics, both on Linux and Windows, in one single environment. These include doing recon in internal and external enterprise infrastructure, gaining stealth, persistence and data exfiltration, and abusing web and network technologies.
C)PTC is a certification created by Mile2. In order to earn it, candidates must prove their expertise in penetration testing by exploiting zero-day vulnerabilities, bypassing security mechanisms such as ASLR and DEP, personalizing existing exploits and chaining vulnerabilities together to elevate privileges. Additionally, they must pass a theoretical exam focused on advanced penetration testing and exploitation concepts.
C)SWAE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving they know how to design and build web applications that do not have common vulnerabilities, as well as how to test and validate a web application's security, reliability and resistance.
C)PTE is a certification created by Mile2. In order to earn it, candidates must pass a theoretical exam, proving in-depth knowledge in penetration testing key elements, such as information gathering, network scanning and enumeration, vulnerability exploitation and reporting. Apart from these skills, candidates must also have advanced conceptual knowledge in technology, engineering and programming.
CompTIA PenTest+ is a certification given to cybersecurity professionals who pass a comprehensive theoretical exam, proving their vast knowledge about all the stages of penetration testing. In this exam they also have to prove their vulnerability assessment and management skills.
BSCP is a certification created by PortSwigger's Web Security Academy. Individuals awarded the BSCP demonstrate their knowledge and skills in identifying and exploiting multiple common web vulnerabilities (e.g., HTTP request smuggling, XSS, and SQL injection). In a four-hour exam (prior to which preparation and practice steps are available), they must cleverly use Burp Suite, a web application security testing toolkit developed by PortSwigger.
CCT-APP is a certification created by CREST. Candidates must pass both the theoretical and the hands-on practical examination. They must prove they have the skill to find and exploit security issues and vulnerabilities in web applications that are custom made and up to date on the recent advances in technology and security. Moreover, they must show they know how to write client reports.
CRT is a certification created by CREST. Candidates must pass both a theoretical and a practical examination, proving they have the technical knowledge and the actual skill to carry out vulnerability assessment and penetration testing. In the hands-on section, they must find the vulnerabilities across network, application and database technologies. A valid CPSA pass is a prerequisite for the CRT.
CPSA is a certification created by CREST. Candidates must pass a theoretical exam, proving basic knowledge in assessing operating systems and common network services. Additionally, the exam tests candidates' intermediate-level knowledge in web application security testing and methods to identify common web application security vulnerabilities. Moreover, candidates must understand the benefits of penetration testing for clients according to their requirements.
HTB CPTS is a certification offered by Hack The Box. It is focused on challenging candidates' pentesting skills in situations close to the current threat landscape. Therefore, the exam requires performing web, internal, external and Active Directory attacks, among others, proving a deep knowledge of tools and tactics. It also requires creating a report with the vulnerabilities found and remediation advice.
7CMP is a mobile penetration testing certification created by 7ASecurity. The exam's orientation is practical, so applicants must perform pentesting on real Android and iOS apps. These must be completed within a predetermined time frame and culminate in written reports. 7ASecurity offers preliminary courses associated with this certification that cover and go beyond the OWASP Mobile Top 10.
CAPen is a certification created by The SecOps Group. Candidates have to prove their knowledge on application pentesting in a four-hour practical exam. The exam poses challenges that involve identifying and exploiting vulnerabilities and obtaining flags in an environment that mimics those in real organizations.
CMPen - Android is a certification created by The SecOps Group. Candidates have to prove their knowledge on key concepts of the security of Android applications in a practical exam. Mainly, this exam requires performing SAST and DAST to identify various vulnerabilities (e.g., OWASP Mobile Top 10), exploiting them and obtaining flags.
CCSP-AWS is a certification created by The SecOps Group. Candidates have to prove their knowledge on topics related to Amazon Web Services cloud security in a written exam. Its questions are based on real-world scenarios. They cover mainly the development of Amazon Web Services infrastructure systems following security best practices.
CAP is a certification created by The SecOps Group. Candidates have to prove their knowledge on topics related to application security in a written exam. Its questions are based on real-world scenarios. They cover mainly OWASP Top 10 vulnerabilities, business logic flaws, security misconfigurations, vulnerable components, vulnerability exploitation, best practices and defense-in-depth measures.
CNSP is a certification created by The SecOps Group. Candidates have to prove their knowledge on network security core concepts in a written exam. Its questions are based on real-world scenarios. They cover topics such as the basics of AD security, network protocols, network scanning and fingerprinting, assessment of network services, web servers and frameworks, and basic malware analysis.
C3SA is a certification created by CyberWarFare Labs. Individuals awarded the C3SA have passed a theoretical exam, whose questions are based on real-world scenarios, demonstrating their knowledge about cloud, network and web security domains, how to build defensive architecture and identify attacks, and general offensive cybersecurity topics.
CASA is a certification created by APIsec University. To earn it, candidates must demonstrate their knowledge of API security threats, risks, and best practices. They must correctly answer more than 80% of an exam with 100 multiple-choice questions. It is recommended to previously complete the course OWASP API Security and Beyond!
Ethical Hacker is a certification created by Cisco Networking Academy. To earn it, candidates must pass a written exam consisting of multiple-choice questions. Succeeding requires a solid understanding of offensive security as well as how to create a useful report of the findings. Optionally, the candidates may first complete the 70-hour, self-paced course, which offers information using a gamified narrative and many labs to gain hands-on experience with realistic scenarios. Both the course and exam are free of cost.