Topic: Certification Knowledge Overlap (Read 954 times)
Peleus
« on: March 03, 2013, 09:34:13 PM »

Question about the variation in the knowledge taught throughout the wide range of qualifications from different providers, and even in different courses from the same providers.

After fantastic advice here I've taken up and am working through my eCPPT certification. Overall I'm finding it not too bad, but I'm noticing a lot of overlap with self-taught knowledge I obtained through reading a ton of books on security-related topics (I.e. Web Application Hacker's Handbook, etc).

Digging deeper into many of the syllabuses of further certificates, I'm noticing a lot of the material seems common throughout. Information gathering techniques, enumeration, vulnerability assessment, exploitation, post-exploit and maintaining access etc. Now obviously this is always going to happen to a point - these are central tenets of pen testing! My question is though how much value do you see in doing a range of certificates? Does this change if we're talking the same organisation vs different organisations?

I.e. What percentage of knowledge overlap would there be between OSCP and OSCE? Would someone who has completed OSCP & OSCE get value out of obtaining GPEN? Is every course going to talk about the variant of nmap scans or do they start getting more specialized rather than 'from the ground up?' and hence rehashing a lot of the fundamentals.

These answers help me figure out the value of pursuing multiple certificates. If a certificate is $1000+ but I gain a heap of new knowledge then I think it's fantastic value. If it costs $1000+ and I relearn 90% of the knowledge from other courses, but only 10% new then its value relatively goes down. I also must note that I'm not meaning to be critical in any way of eCPPT when I'm asking these questions, it seems to be a good course. As I'm fortunate enough to be doing this out of interest (at this stage) rather than for career purposes I can be a bit more choosy with the qualifications I pursue.
cd1zz
« Reply #1 on: March 03, 2013, 10:06:28 PM »

You'll see overlap because there is a methodology to pen testing. Techniques, however, are different between vendors. Depending on who you ask, you'll get different answers on which pen test certs are "worth it." One could argue that taking ALL of them would fill in the gaps the other vendors might have. Obviously, unless you have an unlimited training budget, that's not likely realistic, so you need to prioritize what you want.

As you've noticed, there are several "beginner" pen test certs and far fewer "advanced" ones. GXPN claims to be advanced, and it certainly is more advanced than some of them but in my opinion it's lacking in some areas, for example.

A point of clarification:
Quote
What percentage of knowledge overlap would there be between OSCP and OSCE? Would someone who has completed OSCP & OSCE get value out of obtaining GPEN?

OSCE and P are very different certs. OSCP is pentest focused, OSCE is exploit development focused (mostly).

I personally started with OSCP and then went back and looked at the GPEN material. I decided that I wanted to spend that 5K somewhere else.

However, at my company we like to push people into GPEN first, then push them to OSCP. They seem to work well together.

Keep in mind, a lot of this stuff is teaching you methodology and "how to think"; the rest is really just sharpening your own techniques and skills. Regardless of all the education you get, the best way to get really good at this is to get real world experience in real environments.
H1t M0nk3y
« Reply #2 on: March 04, 2013, 07:51:14 AM »

cd1zz is right about everything he said.

Personally, I took the PWB (OSCP) course then self-studied for GPEN. The overlap is obviously huge because they are competitors targeting the same market. While OSCP is way more hands-on, GPEN focuses more on Windows-based tools and the whole legal aspect of penetration testing.

So I took the PWB course for the content and I wrote the GPEN exam for the cert which is required on some contracts where I live. So if you're smart about it, you can get the most of the trainings/cert at a lower cost... ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP