Professional development

Penetration testing certifications

November 27, 2019 by Fakhar Imam

In our digital world, cybersecurity is of the utmost importance. Most businesses are connected through fragile networks. Compromising them via cyberattacks may jeopardize internet banking, e-commerce and sensitive data transmission. 

Penetration testing is a method used by penetration testers to evaluate the security of information systems by simulating the attack from a malicious source. In other words, penetration testing is an authorized test conducted to identify the weaknesses and security loopholes in the organization’s security posture and then take appropriate security measures to address these deficiencies.

Unlike the security provided by traditional security tools, penetration testers can provide dynamic security using several open-source methodologies such as PCI DSS, NIST 800-115 and the Open Web Application Security Project (OWASP). They even go one step beyond vulnerability assessment by exploiting the vulnerabilities found during the database penetration testing, perimeter testing, cloud penetration testing, file integrity checking, network security assessment and several other forms of assessments, and reporting their findings to the group commissioning the penetration test.

However, becoming a penetration tester is not a piece of cake. Proper certification and experience are required to safeguard a corporation’s IT infrastructure. In this article, we will take a detailed look into some of the most popular and industry-leading penetration testing certifications.

EC-Council Certified Ethical Hacker (CEH)

CEH is the fundamental information security certification that helps you to master hacking technologies and certifies you as an ethical hacker. When you’re CEH-certified, you will be able to identify vulnerabilities and weaknesses in target systems and employ the same knowledge and tools as a threat actor, but certainly in a legitimate and lawful manner. In a nutshell, the ethical hacker acts by taking all nefarious techniques and methodologies into consideration that hackers use during exploitation.

CEH involves hand-on practices in which the lab environment simulates real-world scenarios. The candidate must think like a hacker to effectively find security loopholes. The candidate will learn to defend systems by finding weaknesses and vulnerabilities and attempting to infiltrate them.

The updated CEH course is CEH Version 10 and its 20 modules (the course content) are listed below:

  1. Introduction to Ethical Hacking
  2. Footprinting and Reconnaissance
  3. Scanning Networks
  4. Enumeration
  5. Vulnerability Analysis
  6. Systems Hacking
  7. Malware Threats
  8. Sniffing
  9. Social Engineering Attacks
  10. Denial-of-Service Attacks
  11. Session Hijacking
  12. Evading IDS, Honeypots and Firewalls
  13. Hacking the Web Servers
  14. Hacking the Web Applications
  15. SQL Injection Attacks
  16. Hacking Mobile Platforms
  17. Hacking Wireless Networks
  18. Internet of Things (IoT) Hacking
  19. Cloud Computing
  20. Cryptography

The CEH requires every candidate to have at least two years of work experience related to information security. The candidate can attempt the CEH exam either by attending the EC-Council official training or by getting EC-Council’s approval through the eligibility application process. 

CompTIA PenTest+

The CompTIA PenTest+ exam validates candidates’ skills, knowledge and ability to perform penetration testing and vulnerability management. This exam also incorporates management skills needed to plan, scope and handle weaknesses, not just exploit them. 

PenTest+ differs from CEH in terms of technical skill level: the CEH is geared for beginners, while the PenTest+ is for those with an intermediate-level skill set. Below is the list of domains that a candidate will learn once they enroll for this course:

  • Planning and scoping for penetration testing
  • Information gathering and vulnerability identification
  • Attacks and exploits
  • Penetration testing tools
  • Reporting and communication

The recommended experience level for a PenTest+ requires Security+, Network+ or equivalent knowledge. Additionally, a minimum of three to four years of hands-on experience is also required in the realm of information security or related fields.

PenTest+ is a relatively new certification; however, with the CompTIA background, its credibility is established. The exam consists of two parts: multiple choice-based questions and practical hands-on scenarios.

IACRB Certified Penetration Tester (CPT) 

The Information Assurance Certification Review Board (IACRB) offers the Certified Penetration Tester (CPT) certification, which is designed to test the candidate’s skills and knowledge related to penetration testing. Below is the list of nine domains covered in this course:

  1. Pentesting methodologies
  2. Network protocol attacks
  3. Network reconnaissance
  4. Identifying vulnerability
  5. Windows exploits
  6. Unix and Linux exploits
  7. Covert channels and rootkits
  8. Wireless security flaws 
  9. Web app vulnerabilities

The CPT candidate identifies vulnerabilities in a computer system and then recommends appropriate security measures to enhance the security posture of the organization. There are no predetermined eligibility criteria for candidates applying for CPT. 

Certified Expert Penetration Tester (CEPT)

CEPT is an advanced IACRB certification for penetration testers who understand Windows and Linux operating systems and have exposure to network reconnaissance and associated tools (e.g., Nmap, Nessus and Netcat). As a CEPT-certified professional, you will be able to find and exploit vulnerabilities in systems and software applications. 

The targeted audience of this certification includes penetration testers, cybersecurity consultants, security analysts, malware analysts and anyone who wants to get a hacking-based certification. The CEPT certification covers the following nine domains:

  1. Pentesting methodologies
  2. Network attacks
  3. Network recon
  4. Windows shellcode
  5. Linux and Unix shellcode
  6. Reverse engineering
  7. Memory corruption and buffer overflow vulnerabilities
  8. Exploit creation for Windows architecture
  9. Exploit creation for Linux and Unix architecture

The exam consists of two parts, including multiple-choice questions and a three-step practical examination. There are no predetermined eligibility criteria for candidates applying for CEPT.

Certified Mobile and Web Application Penetration Tester (CMWAPT)

The CMWAPT certification, which is offered by the IACRB, is specifically designed to validate the candidate’s knowledge and skills related to mobile and web application penetration testing.

Below is the list of domains included in CMWAPT certification:

  1. Mobile and web application penetration testing process and methodology
  2. Web application vulnerabilities and web application attacks
  3. Android application components
  4. Android application attacks
  5. Components of iOS applications
  6. Attacks of iOS applications and secure coding principles 

Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)

The GPEN certification is offered by the GIAC. The GPEN-certified penetration tester is capable of analyzing target systems and networks to discover security vulnerabilities. For this to be done effectively, he or she will need to be equipped with the most common best practices. The objectives of this certification incorporate penetration testing methodologies and some of the legal issues associated with them. Below is the list of objectives covered in this exam:

  • Attacking the password hashes
  • Advanced the password attacks
  • Exploiting fundamentals
  • Domain escalation and persistence attacks
  • Escalation and exploitation
  • Password attacks
  • Metasploit
  • Moving files with exploits
  • Kerberos attacks
  • Password formats and hashes
  • Web application reconnaissance
  • Web application injection attacks
  • Scanning and host discovery
  • Vulnerability scanning
  • Reconnaissance
  • Penetration test planning
  • Penetration testing with PowerShell and the Windows command line
  • Penetration test planning

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

The GXPN, another pentesting certification by GIAC, is an advanced penetration testing certification designed specifically for advanced penetration testers whose job duty involves assessing target systems, networks and applications to identify vulnerabilities. The GXPN certification validates that the GXPN-certified advanced penetration tester has obtained the skills, knowledge and ability to carry out advanced penetration tests and find huge security loopholes in systems, as well as the business risks associated with these security loopholes. 

Below is the list of topics covered in this exam:

  • Advanced fuzzing techniques
  • Access the network
  • Crypto for penetration testers
  • Client exploitation and escape
  • Advanced stack smashing
  • Exploiting a network
  • Introduction to memory and dynamic Linux memory
  • Fuzzing introduction and operation
  • Manipulating a network
  • Introduction to Windows exploitation
  • Shellcode
  • Python and Scapy for penetration testers
  • Windows overflows
  • Smashing a stack

EC-Council Licensed Penetration Tester (LPT) Master

The LPT Master is an advanced-level, 18-hour certification exam that differentiates the great penetration testers from the novices. The candidate’s penetration skills are tested over three levels, each with three challenges, in the face of a highly protected multi-layer network architecture. The candidate will be required to make smart decisions under huge pressure at different stages of the test. He or she will also be provided with some tools, including network, web application and host penetration testing tools.

To qualify, students must be experts in advanced penetration testing techniques and tools, including:

  • Operation system vulnerability exploits
  • Multi-level pivoting
  • Host-based application exploits
  • SSH tunneling
  • Web server exploitation
  • Web application exploitation
  • Privilege escalation 

There are no predefined eligibility criteria to take the LPT Master exam. However, the student must be at least 18 years old.


From the first time you manage to find and exploit a vulnerability on a network, you’re officially a penetration tester, even if your job title and salary don’t yet reflect it. As your skills increase and become more refined and intuitive, there are many certifications to show off your skills at various levels. 

Review the information above before you decide which certification reflects your skills at this moment, not the aspirational level you wish you were at now. Taking too high of a certification exam can only result in failure, while going for an easy A in an exam that’s beneath your skills is a waste of money. Work your way toward the elite certs, but test at the places where your skills are at now. Good luck!



  1. 5 Reasons Why Penetration Testing is Imperative For Your Organization, EC-Council Blog
  2. CompTIA PenTest+: EXAM CODE PT0-001, CompTIA
  3. PenTest+ versus CEH, Infosec
  4. Cyber Security Certification: GPEN, GIAC Certifications
  5. Cyber Security Certification: GXPN, GIAC Certifications
  6. Certified Ethical Hacker Certification, EC-Council
  7. CEH (ANSI) Application Process, EC-Council
  8. The LPT (Master) Training Program: Advanced Penetration Testing Course, EC-Council
  9. Certified Expert Penetration Tester (CEPT), IACRB
  10. Certified Penetration Tester (CPT), IACRB
Posted: November 27, 2019


We've encountered a new and totally unexpected error.

Get instant boot camp pricing

Thank you!

A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here.

Articles Author
Fakhar Imam
View Profile

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.