Ethical hacking is an exciting career path that requires a diverse range of skills. It is a career that requires constant learning, as cybercriminal tactics, techniques and procedures rapidly evolve.
Ethical hackers need to keep abreast of existing and newer techniques to ensure their clients receive services that accurately pinpoint vulnerabilities in infrastructure and applications. There are many ways to do this nowadays, with many capture the flag-style labs available for free or for minimal cost and many companies offering bug bounty programs to test skills in the real world.
A popular option when looking to gain employment as an ethical hacker is pursuing ethical hacker certifications. Read on to learn about five ethical hacker certifications.
1. Offensive Security Certified Professional
Offensive Security's "PEN-200 Penetration Testing with Kali Linux," which culminates in Offensive Security Certified Professional (OSCP) certification, is the top course recommended to anyone looking to become an ethical hacker or improve their hacking skills.
The course teaches the mindset of an ethical hacker, how to be able to think outside the box and how to not give up when a certain technique doesn't work. It has a heavy focus on infrastructure testing, especially internal networks. It teaches the techniques an ethical hacker needs to know to escalate privileges and move laterally around a network through the use of extensive labs with hackable machines.
The OSCP exam can be difficult. Many people will fail, but it is worth persevering. PEN-200 is an all-consuming course -- prepare to lose yourself in the labs for months -- but it is also the best ethical hacking course available. Before taking the 24-hour exam, it's recommended that applicants have the following:
- TCP/IP knowledge
- Windows and Linux admin experience
- Bash and/or Python scripting experience
2. GIAC Web Application Penetration Tester
GIAC Web Application Penetration Tester (GWAPT) provides a great overview of web application testing techniques. The techniques used for hacking web apps are different than those used to hack infrastructure. The GWAPT certification is based on SANS Institue's "SEC542: Web App Penetration Testing and Ethical Hacking," a six-day course that teaches the techniques needed to become a proficient web app tester and covers the majority of the OWASP methodology. The syllabus includes the following:
- Introduction and Information Gathering
- Content Discovery, Authentication and Session Testing
- XSS (cross-site scripting), SSRF (server-side request forgery) and XXE (XML external entity)
- CSRF (cross-site request forgery), Logic Flaws and Advanced Tools
- Capture the Flag
The three-hour, 82-question, proctored GWAPT exam has a minimum passing score of 71%.
Although not strictly focused on ethical hacking, (ISC)2's CISSP provides a broad grounding in information security principles. Ethical hackers should have a wide range of skills; it is useful when talking to clients to understand the challenges they face.
CISSP covers the following eight domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Pen testing and ethical hacking are large topics of domain six, as are vulnerability assessments, log reviews and compliance checks.
CISSP applicants must demonstrate five years of experience in at least two of the domains to qualify for the exam. CISSP training can be completed through self-study or via in-person or online courses. The four-hour exam, composed of 125 to 175 multiple-choice questions, has a passing score of 70%.
4. CompTIA certifications
CompTIA offers a variety of qualifications useful to ethical hackers, including Security+, PenTest+ and Advanced Security Practitioner (CASP+). Security+ is more entry-level, while the others are for those with experience. CompTIA is well respected in the industry and often mentioned in job postings for ethical hacker roles.
Security+ covers how to assess an enterprise's security, from monitoring and securing hybrid environments to identifying and responding to security incidents. PenTest+ focuses on pen testing, vulnerability scanning, legal and compliance understanding, and how to report to stakeholders. CASP+, designed for senior practitioners, covers technical skills that include, among others, pen testing.
- Security+ is a 90-minute exam with a maximum of 90 multiple-choice and performance-based questions. Passing score is 750, on a scale of 100-900.
- PenTest+ is a 165-minute exam with a maximum of 85 multiple-choice and performance-based questions. Passing score is 750, on a scale of 100-900.
- CASP+ is a 165-minute exam with a maximum of 90 multiple-choice and performance-based questions. It is a pass/fail exam.
5. Certified Ethical Hacker
Rounding out the list of ethical hacker certifications is EC-Council's Certified Ethical Hacker (CEH). This vendor-neutral certification gets a mention because many job advertisements for pen testing include it as a desired qualification. Ethical hackers should be aware, however, that CEH is often considered basic and not indicative of competency.
To qualify, applicants must have two years of work experience in security. The five-day CEH training course consists of 20 modules and more than 220 labs that cover how to use thousands of hacking tools and how to hack multiple OSes. The four-hour, 125 multiple-choice CEH exam has a passing score of 70%.