The Art of Software Security Assessment by Dowd, McDonald and Schuh
-Wonderful overall assessment of the modern state of security (this book is HUGE)

Network Security Assessment by Chris McNabb
-This O'Reilly book is one of the best hands on guides I've found.

Linux Hacker Tools by Ivan Sklyarov
-This book explains how to build tools yourself, and in the process explores a lot of the underpinnings of many such tools.

Hacking, the Art of Exploitation by Erickson
-This is a great book that goes through a lot of hands on exercises valuable to penn testers.

Security in Computing by Pfleeger and Pfleeger
-The obligatory textbook to cover everything not covered above

I have to disagree with some of the other recommendations.  I find the Hacking Exposed series has jumped the shark and tries to be too much for too many people.  You get a real scattershot with that book in the latest edition.  I found Art of Deception to be interesting, but it's all about social engineering.  I'm not sure that would be in my top 5 for penn testers (I think finding technical security holes is more valuable to penn test clients, but that's just my opinion).

I do agree that a programming book or twenty are useful.  At the very least you should memorize the O'Reilly Practical C Programming by Loudon.  If you don't know how to program in a language or use a technology you have to rely on tools to find vulnerabilities.  Building Secure Software by McGraw and Viega is an invaluable resource.

http://www.MadIrish.net

I've recently completed the CEPT certification and I'll say that it takes far too long to complete to be able to proctor it.

One of the vulns that you had to discover in a Windows app was actually pretty well documented online (IIRC there's a metasploit module).  I ended up finding and writing a custom exploit, but it would be possible to crib something from an external stie.  The other two were programs custom written and provided by IACRB so there wasn't any direct help available online.  One was source code for an app that had to be installed on a Linux host then you had to write an exploit (so you had access to the source and the running service).  That program had a string format vulnerability, but the program was sufficiently complex that the straightforward tutorials on exploiting string format vulns were pretty useless in terms of cut-and-paste code development.  The other was a compiled Windows binary that was a simple program that didn't really do anything (it asked for registration credentials).  You had to reverse engineer the application and modify it so it would accept any credentials as valid.  I don't think you could get any help for that exercise from teh interwebs.

I suppose you could collaborate with someone else on the practical, but someone would still have to do the legwork so I think the exercise would still be valuable in that case.  Spotting collaborators or someone who got the answers from another individual would probably be pretty easy given the nature of the exercises though (the possibility of two people turning in identical exploit code is pretty low if both copies were developed independently).

I would heartily agree with statement that anyone with this certification really knows their stuff.  You have to be comfortable with C/C++, debuggers as well as with x86 memory architecture and assembly in order to complete the exercises (in addition to understanding the security concepts).  The certification demonstrates the holder not only understands the security concepts but can discover and apply their knowledge successfully.

My only concern with the certification is that the IACRB isn't very transparent and there isn't much information about the organization available.  One can easily uncover it's association with the InfoSec Institute, but beyond that it's rather opaque.  For instance, there's no way to know how many people the IACRB certifies or to easily verify a certification holder.

http://www.MadIrish.net