PenTest+ vs. CEH: Which certification is better? [2022 update]
When looking for a certification in the penetration testing realm, you'll see that CompTIA's PenTest+ and EC-Council's CEH (Certified Ethical Hacker) certifications are somewhat similar to each other in terms of content as they both assess pentesting skills. They are also challenging and geared towards intermediate-level professionals with experience in a dedicated cybersecurity role.
Suppose you are preparing for a job in penetration testing, vulnerability assessment and management. In that case, you may be wondering whether one or both of these certifications will be worth pursuing.
The CompTIA PenTest+ objectives (domains) and CEH exam blueprint provide details on what the exam covers. "Objectives" and "blueprint" can be used interchangeably for exam content. Below are the details of the PenTest+ and CEH exams, along with the weight of each domain.
CompTIA PenTest+ (PTO-002) objectives
Scoping and organizational/customer requirementsProfessionalism and integrity
Perform active reconnaissance
Analyze the results of a reconnaissancePerform vulnerability scanning
- network attacks
- wireless attacks
- application-based attacks
- attacks on cloud technologies
Common attacks and vulnerabilities against specialized systems
Social engineering or physical attackPost-exploitation techniques
Analyze the findings and recommend the appropriate remediation
Importance of communication during penetration testingPost-report delivery activities
Analyze a script or code sample for use in a penetration testUse of specific tools during penetration testing
CEH exam blueprint v4.0
- Information Security Overview
- Cyber Kill Chain Concepts
- Hacking Concepts
- Ethical Hacking Concepts
- Information Security Controls
- Information Security Laws and Standards
- Footprinting Concepts
- Footprinting Methodology
- Footprinting through Search Engines
- Footprinting through Web Service
- Footprinting through Social Networking Sites
- Website Footprinting
- Email Footprinting
- Whois Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting Tools
- Footprinting Countermeasures
- Network Scanning Concepts
- Scanning Tool
- Host Discovery
- Port and Service Discovery
- OS Discovery (Banner Grabbing/OS Fingerprinting)
- Scanning Beyond IDS and Firewall
- Draw Network Diagrams
- Enumeration Concepts
- NetBIOS Enumeration
- SNMP Enumeration
- LDAP Enumeration
- NTP and NFS Enumeration
- SMTP and DNS Enumeration
- Other Enumeration Techniques (IPsec, VoIP, RPC, Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration)
- Enumeration Countermeasures
- Vulnerability Assessment Concepts
- Vulnerability Classification and Assessment Types
- Vulnerability Assessment Solutions and Tools
- Vulnerability Assessment Reports
- System Hacking Concepts
- Gaining Access
- Cracking Passwords
- Vulnerability Exploitation
- Escalating Privileges
- Maintaining Access
- Executing Applications
- Hiding Files
- Clearing Logs
- Malware Concepts
- APT Concepts
- Trojan Concepts
- Virus and Worm Concepts
- File-less Malware Concepts
- Malware Analysis
- Malware Countermeasures
- Anti-Malware Software
- Sniffing Concepts
- Sniffing Technique: MAC Attacks
- Sniffing Technique: DHCP Attacks
- Sniffing Technique: ARP Poisoning
- Sniffing Technique: Spoofing Attacks
- Sniffing Technique: DNS Poisoning
- Sniffing Tools
- Sniffing Countermeasures
- Sniffing Detection Techniques
- Social Engineering Concepts
- Social Engineering Techniques
- Insider Threats
- Impersonation on Social
- Networking Sites
- Identity Theft
- Social Engineering Countermeasures
- DoS/DDoS Concepts
- DoS/DDoS Attack Techniques
- Case Study
- DoS/DDoS Attack Tools
- DoS/DDoS Countermeasures
- DoS/DDoS Protection Tools
- Session Hijacking Concepts
- Application Level Session Hijacking
- Network Level Session Hijacking
- Session Hijacking Tools
- Session Hijacking Countermeasures
Evading IDS, Firewalls and Honeypots
- IDS, IPS, Firewall, and Honeypot Concepts
- IDS, IPS, Firewall, and Honeypot Solutions
- Evading IDS
- Evading Firewalls
- IDS/Firewall Evading Tools
- Detecting Honeypots
- IDS/Firewall Evasion Countermeasures
- Web Server Concepts
- Web Server Attacks
- Web Server Attack Methodology
- Web Server Attack Tools
- Web Server Countermeasures
- Patch Management
- Web Server Security Tools
Hacking Web Application
- Web App Concepts
- Web App Threats
- Web App Hacking Methodology
- Footprint Web Infrastructure
- Analyze Web Applications
- Bypass Client-Side Controls
- Attack Authentication Mechanism
- Attack Authorization Schemes
- Attack Access Controls
- Attack Session Management Mechanism
- Perform Injection Attacks
- Attack Application Logic Flaws
- Attack Shared Environments
- Attack Database Connectivity
- Attack Web App Client
- Attack Web Services
- Web API, Webhooks and Web Shell
- Web App Security
- SQL Injection Concepts
- Types of SQL Injection
- SQL Injection Methodology
- SQL Injection Tools
- Evasion Techniques
- SQL Injection Countermeasures
- Wireless Concepts
- Wireless Encryption
- Wireless Threats
- Wireless Hacking Methodology
- Wireless Hacking Tools
- Bluetooth Hacking
- Wireless Countermeasures
- Wireless Security Tools
- Mobile Platform Attack Vectors
- Hacking Android OS
- Hacking iOS
- Mobile Device Management
- Mobile Security Guidelines and Tools
IoT and OT Hacking
- IoT Concepts
- IoT Attacks
- IoT Hacking Methodology
- IoT Hacking Tools
- IoT Countermeasures
- OT Concepts
- OT Attacks
- OT Hacking Methodology
- OT Hacking Tools
- OT Countermeasures
- Cloud Computing Concepts
- Container Technology
- Serverless Computing
- Cloud Computing Threats
- Cloud Hacking
- Cloud Security
- Cryptography Concepts
- Encryption Algorithms
- Cryptography Tools
- Public Key Infrastructure (PKI)
- Email Encryption
- Disk Encryption
What are the similarities between PenTest+ and CEH?
As previously mentioned, the content of both PenTest+ and CEH are somewhat similar. Both are valid for three years from the date of the exam. However, PenTest+ requires 60 CEUs (Continuing Education Units) to renew, while CEH requires 120 credits for this purpose.
The content of both exams is designed by highly skilled subject matter experts (SMEs), who are specialists in penetration testing and ethical hacking. In addition, the PenTest+ exam is partly based on industry-wide survey results.
Both certifications are included in DoD Directive 8570 and are important assets for professionals who want to progress in the field of pentesting or ethical hacking in the government’s information assurance workforce. In addition, each credential is ANSI/IEC/ISO 17024 accredited and is mapped to NICE’s Specialty Areas.
PenTest+ and CEH certifications are vendor-neutral, globally recognized and available in various countries.
How do PenTest+ and CEH differ?
Despite similarities, the certifications differ from each other in various perspectives. CEH is an entry-level cert, while Pentest+ is at an intermediate level. Typical job roles can also differ, as shown below.
The difference in eligibility requirements
CompTIA recommends candidates of the PenTest+ exam have CompTIA Security+, Network+ or equivalent knowledge, in addition to a minimum of three to four years of hands-on experience in the information security or related domain. The PenTest+ exam is intended to follow CompTIA Security+, adding a technical, hands-on focus.
EC-Council’s CEH differs in that it requires a candidate to attend official network security training organized by the EC-Council’s Authorized Training Center (ATC) or meet other requirements. Below is a list of some accepted training solutions:
- Web-based training (WBT)
- Computer-based training (CBT)
- Instructor-led training (ILT)
- Academic learning
If a candidate doesn’t receive official training, they must meet the following requirements:
- Have two (2) years of work experience in the information security field
- Pay a non-refundable application fee of $100
- Submit a completed exam eligibility application
The difference in exam details
To earn CompTIA PenTest+, candidates need to pass an exam available at Pearson VUE testing centers and online that covers hands-on, performance-based simulations as well as multiple-choice questions.
To earn EC-Council’s CEH certification, candidates must pass an exam available at Pearson VUE (in-person or remotely proctored) or EC-Council (ECC) test centers. The test only includes multiple-choice questions.
Benefits of CompTIA PenTest+
According to CompTIA, a PenTest+ certification provides professionals with three times more employability. As per the NICE Cybersecurity Workforce Framework, CompTIA PenTest+ covers two more job roles — namely, vulnerability management and vulnerability assessment — in addition to penetration testing. It also reports that, according to Indeed.com, there are approximately three times more vulnerability management and assessment jobs in the U.S. than penetration testing jobs.
Unlike several other pentesting certifications, PenTest+ provides a more comprehensive overview of what a penetration tester should know, from project planning and scoping to project reporting and communication.
CompTIA PenTest+ encourages cybersecurity pros to think offensively with an investigative mindset that can help them assess a modern network's resiliency against cyberattacks, identify vulnerabilities and mitigate risks before something bad happens. Thinking like a penetration tester can help organizations discover weaknesses in security systems.
CompTIA PenTest+ certification validates technical skills and soft ones related to business processes, best practices and professionalism in penetration testing. These skills match the demand and needs of employers and, in the end, provide IT security practitioners with opportunities to earn a good salary and have several job prospects.
In the words of EC-Council: "To beat a hacker, you need to think like one!" This is what the CEH exam and certification is all about: preparing professionals to apply the same knowledge and tools as malicious hackers, but lawfully and legitimately.
According to EC-Council, the CEH program concentrates on ethical hacking, defined as a comprehensive term to encompass a series of functions, including penetration testing.
The CEH certification enables ethical hackers to implement a proactive security approach offensively. This is in addition to the reactive security approach, which is more defensive. Ethical hackers use advanced tools and techniques to perform penetration testing on their computers using a proactive security defense. They act like real hackers, albeit ethical ones, to look for weaknesses and vulnerabilities in targeted systems; in this way, they help their clients keep their networks and data safe against ever-evolving threats.
The credential can provide a career path to IT professionals who have the right mindset that is interesting, stimulating and financially rewarding. The average salary earned by a CEH is $83,591 per annum in 2021.
PenTest+ versus CEH: Which certification is right for me?
CompTIA PenTest+ certification suits highly skilled security professionals who perform penetration testing and vulnerability assessments on the targeted systems. This exam also incorporates management skills for planning, scope, management and exploitation of weaknesses. PenTest+-certified professionals can perform penetration testing in various IT environments such as mobile, cloud, desktops, and servers. They identify possible entry points for breaches, weaknesses in systems and organizational structures, and deficiencies in policies and training while protecting the organizational security infrastructure from malicious hackers.
Suppose you already have three or four years of experience in information security and are looking for a career in the penetration realm. In that case, pursuing this credential may be right for you.
EC-Council's CEH certification suits highly skilled security professionals who are well-versed in understanding and knowing the weaknesses and vulnerabilities in targeted systems. In roles as "white-hat hackers," professionals keep corporate networks and data safe against the ever-evolving threats of the Internet by using the same tools and techniques as attackers, but in a lawful manner.
If you already have at least two years of work experience in the information security domain, then pursuing this credential may be right for you.
The bottom line
In this article, we looked closely at the PenTest+ and CEH certifications. Both credentials primarily focus on penetration skills. However, PenTest+ covers other areas of vulnerability management and assessment. At the same time, CEH concentrates more on a proactive approach which allows ethical hackers to perform a pentest using the same tools and techniques that the hackers do. PenTest+ requires three to four years of experience in information security, while CEH needs two years of experience in the same field.
Do you have two to three years of penetration testing or information security experience? If yes, then why not apply for both PenTest+ and CEH? Due to the same practice areas and somewhat similar exam content. Both certifications prepare you for different aspects of the ethical hacking world. They can complement each other in a way that can provide you a competitive edge over other candidates and give you peace of mind on interview day and the job.
- Certified Ethical Hacker Certification, EC-Council
- CompTIA PenTest+ Exam Code PT0-002, CompTIA
- CEH Candidate Handbook v6.0, EC-Council
- Ethical Hacking: Choosing the Right Pathway, EC-Council
- The NEW CompTIA PenTest+: Your Questions Answered, CompTIA
- CompTIA PenTest+ vs. CEH: Which Is the Best Fit for You?, CompTIA
- CEH vs. CompTIA PenTest+: Thoughts from a Penetration Tester, CompTIA
- 5 Reasons Cybersecurity Experts Love CompTIA PenTest+, CompTIA