I want to be a Penetration tester, but I don't know much about all the certifications that you can get.

If anyone could make a "list" of the certifications that you need in order to become a Penetration tester, I would be very glad.

Like what certifications to take first and so on. 1,2,3 etc.

My experience:
I started my hacking "hobbies" on Hackforums.net back in 2009. There I learned all the basic App injections. There's not much to come for on that site.

I've been trough the CEHv7 material. It was kinda basic in my option.

Well, I hope that someone can help me a little, just to get started.

Regards,
-Root.

Thank you very much.
The information that you gave me was very helpful.
And the link, it's a great help.

Regards
-Root.

In the Asian region, the qualification which is often referred to is C|EH, but it's not mandatory. SANS or OSCP is not well known for HR. In several countries, you need to be their citizens as a prerequisite.   

Not wanting to hi-jack the thread but I'm not sure I understand the logic behind removing certifications from CV's or LinedIn. I've achieved more respected and advanced certifications since gaining C|EH, but C|EH still holds a mention on my resume.

Regardless of opinions of particular certs, surely having a questionable (in some people's eyes, discussion for another thread) cert like C|EH is still better than an empty space in it's place?

Admittedly I sat C|EH with it's reputation in mind as a way to bypass HR filters rather than 'prove' technical capabilities, but I still sat the cert for a purpose. If you're not going to display a cert, why take in the first place?

To answer Root's original question: you don't necessarily need certs to to be a pentester, but if you want to find work you will likely need to be able to by-pass HR filters and pass minimum requirements in particular industries. Using the UK as an example, C|EH can often achieve the first, with CREST/CHECK providing the second (as MaXe has already stated). YMWV depending on location/business sector though.

You don't need any information security certifications there, you just need to make sure you don't get into any legal trouble. For (some or all) PCI assessments you need insurance though. But that's not really penetration testing though.

I know where it is as one of my best friends is from there, plus I am from Denmark as well  

As the Faroe Islands and the rest of Scandinavia is not _that_ evolved in information security, you may find it hard to find clients in those countries as the big companies are already selling to those that actually wants to buy information security services. A lot of the companies in Denmark doesn't get external penetration tests done, as they haven't been hacked yet, so why should they? Insanity at high level  

Anyway, you can still create a penetration testing company and get clients in almost any country if you just meet their legal requirements if there is any, and if you are good at selling your services.

Keep in mind, that if you are going to do this alone, you will have to spend a lot of time on sales, management, etc., over penetration testing and the most important but also less interesting, reporting.  


I would say it depends on the company you are applying at, if you only got CEH, and it's a highly technical and very serious company, they might think you're joking. No offence intended.