Penetration testing requires a wide range of skills, and one of the best ways to acquire and validate those skills is through certifications. Certifications act as a great way to get baseline skills, and then further refine those skills into specialties within penetration testing. With how many certifications are available, it can be difficult to decide which one is going to work best for you. Certifications are typically a substantial financial investment, and they will often take time and practice to pass.
General Knowledge
Before picking a penetration testing specialty, taking a course that supplies some of the general core concepts of penetration testing is a good idea. There are many certifications available on the market that accomplish this goal, each with its advantages and disadvantages. Each course is unique, so it is important to fully understand the content provided before making a decision.
The OSCP provided by OffSec is likely one of the most famous (or infamous) penetration testing certifications. It holds a high level of regard in the industry and is often seen as the gateway to penetration testing. This is a difficult exam that focuses on core concepts within penetration testing and introductory active directory testing. The course and exam are regularly modified based on emerging trends in penetration testing. With a starting price of $1649, it is one of the more expensive introductory courses.
As a more recently introduced course, the PNPT by TCM Security is a great alternative for gaining general knowledge. This course is rapidly gaining popularity and recognition within the industry as one of the premier penetration testing certifications. The course covers many different areas of penetration testing and prides itself on the real-world certification exam and debriefing required to pass. At $499, it is a mid-price certification with great value.
For a more low-level introductory course, the eJPT is a great option. This course covers more simple concepts than others and can work better as a start in hacking from no knowledge whatsoever. The exam takes less of a real-world approach and instead aims to quiz the student on concepts taught in the course with small exercises and multiple-choice questions. At $249, it is certainly one of the more affordable options.
Specified Certifications
After developing a solid foundation in the core concepts of penetration testing, the next step is to dive deeper into certain areas. Penetration testing covers a wide range of specialties, each with complex concepts that can be taught similarly to the general knowledge courses. The biggest distinction will be that specified certifications often assume that the student already understands the core concepts of penetration testing or even the core concepts of the specialty.
Red Teaming is by far one of the more popular specialties for penetration testers to pursue. This typically focuses on a deep understanding of internal networks, IAM tools such as Active Directory, and detection evasion in enterprise networks. Two of the most popular courses for red teaming are the CRTP by Altered Security, and the CRTO by Zero-Point Security. With the courses starting at $249 and $480 respectively, they can be great, affordable ways to develop an understanding of red teaming exercises.
Another popular specialty is web application security. Focusing on this requires a solid understanding of coding concepts and web technologies. Web application testing can get very complex, and as such requires a wide range of skills and knowledge. There are many great certifications available, each with a different delivery style, to teach the core concepts. Some of the more popular certifications are the OSWA by OffSec and the CBBH by HackTheBox. Starting at $1649 and $490 respectively, they are on the higher end of prices for certifications.
Within these groups, there are advanced certifications as well that take the testing a step further and cover deeper concepts. Some more advanced red team certifications are the CRTE by Altered Security and the CRTL by Zero-Point Security. For web application testing, similar courses are the OSWE by OffSec and the CWEE by HackTheBox. These are only examples of a few narrow specializations within penetration testing, but there are many courses available to cover other areas as well.
Picking a certification ultimately depends on individual interest and desire. It is much easier to learn something with passion instead of feeling like studying is torture. Spending some time to understand what a day in the life is like for someone in each of these specialties is key to choosing the correct certification option.