Best cert for practical experience in pen testing

<<

worryfree

Newbie

Posts: 4

Joined: Mon Apr 13, 2009 2:08 pm

Post Tue Apr 14, 2009 1:03 pm

Best cert for practical experience in pen testing

Hi,
I'll be looking for work in the next few weeks (Agilent Tech, major workforce restructuring!) in the UK. I have approx 10 years sys admin and 4 years as System/Security Test, mostly using Nessus. I have recently passed the Security+ (2008) and am now looking for a cert which will give me additional practical experience as well as being recognised by an employer, as I'll be concentrating my job search on Pen Testing opportunities. I was looking at either the OffSec or the CEH. Any advice on which would be the best as well as timescales to study/take? I'm on 'leave' as of now so have my days available for study.
Any help appreciated.
Cheers
Worryfree
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Apr 14, 2009 10:34 pm

Re: Best cert for practical experience in pen testing

I've taken the GPEN from SANS and I highly recommend their training. They provide a lot of technical aspects but also cover the business side which I hear is lacking in some of the other Pen Testing training.
twitter.com/timmedin | http://blog.securitywhole.com
<<

worryfree

Newbie

Posts: 4

Joined: Mon Apr 13, 2009 2:08 pm

Post Wed Apr 15, 2009 6:51 am

Re: Best cert for practical experience in pen testing

I'll be funding myself and solely based on this I'm inclined to go with OffSec not unless there are any other options, even the material only with cert exam seem expensive for the GPEN.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Apr 15, 2009 7:38 am

Re: Best cert for practical experience in pen testing

I haven't taken the OffSec courses, but I have heard nothing but the best about them.  I've been told that they are challenging and prove your skill.  There are a few people here with that cert, perhaps they can speak from personal experience.

I did take the CEH course.  It was a good introduction into ethical hacking.  It feels like the next step from Security+.  It will not teach you how to "hack."  You should be able to pass this from just studying the literature.

The CEH cert has more name recognition from my experience.  It will probably open a door or two for you, although not anything like CISSP.  OSCP will actually help you do your job when it comes to pentesting.  This is only my opinion.
~~~~~~~~~~~~~~
Ketchup
<<

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Apr 15, 2009 8:38 am

Re: Best cert for practical experience in pen testing

I used to work for Agilent. It's a good place to be from.  :P
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Wed Apr 15, 2009 9:48 am

Re: Best cert for practical experience in pen testing

worryfree wrote:I'll be funding myself and solely based on this I'm inclined to go with OffSec not unless there are any other options, even the material only with cert exam seem expensive for the GPEN.


You can get it at a discounted rate if you do some volunteer work. Only $700 for the class, cert attempt, and OnDemand training.
http://www.sans.org/training/volunteer.php
twitter.com/timmedin | http://blog.securitywhole.com
<<

worryfree

Newbie

Posts: 4

Joined: Mon Apr 13, 2009 2:08 pm

Post Thu Apr 16, 2009 10:01 am

Re: Best cert for practical experience in pen testing

Thanks timmedin, much appreciated, I've signed up to volunteer for the London SANS in November, I think it will be a great experience as well as making the GPEN affordable.
In the meantime I think I'll sign up for the OffSec course.
<<

eternal_security

Newbie

Posts: 36

Joined: Thu Nov 13, 2008 10:35 am

Post Fri Apr 24, 2009 4:38 pm

Re: Best cert for practical experience in pen testing

You won't regret taking classes from Offensive Security.  timmedin is right about not covering business aspects, but if you want practical, hands-on experience at a very reasonable price, OffSec101 (now called Pentesting with Backtrack) is an amazing class.
<<

ficti0n

Newbie

Posts: 4

Joined: Mon Mar 23, 2009 1:42 pm

Post Fri Apr 24, 2009 7:44 pm

Re: Best cert for practical experience in pen testing

Don't even bother with the CEH, it's worthless... Useless for getting a job, useless for learning anything practical... and all around a complete waste of time...

Take the Offensive Security 101 training instead.. You will learn much more than the CEH and it will be practical experience, not memorizing slides and useless information about trojan passwords from 1995..... man the CEH is useless, note I took that exam back in 2003 and it hasn't improved much from what I have seen...

Also if you do get a bit of money.. The training from InfoSec Institute's advanced class is very good if you are interested in another certification that will prove that you actually learned something.. CEPT. Warning with that cert though... Make sure you go into that class knowing how to use Linux... basics of how overflows work.. and at least read up on Assembly and know the basics......

Hmmm GPEN I don't know much about... I know that Ed Skoudis guy seems to be pretty knowledgeable and he wrote the course and teaches it.. his webcasts are great so try for the discounted 700 dollar volunteer work... I don't think you could go wrong with that..... Plus I think with that you get access to the online material for a bit too....

Another great place to learn stuff is on the forums.... This forum.. Learn Security Online's forum... The BackTrack forum... Blogs like carnal0wnage.. etc etc....
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Apr 24, 2009 8:01 pm

Re: Best cert for practical experience in pen testing

I'm 100% behind what ficti0n said. Don't waste your time with the CEH program. It's best you get what you pay for & in these economic times, the Off Sec course hands down is some of the best training you could pay for, for a damn good price. I hate to rag on the CEH here but I think it's way overpriced and they throw a bunch of worthless tools together to make it look like you're picking up on a bunch of knowledge (Come on, Neo Trace? Who uses this tool during a penetration test?). At least the Off Sec course walks through a hands-on demo of exploit development and you walk away having hands-on experience of some common attack vectors used by attackers today. I personally think it's good paying a good price for a course that can teach you a more hands-on approach than paying 2 or 3 times as much and walking away having to take a written test to get your certification as opposed to actually proving the skills you learned in a practical lab environment. This to me hands down is the difference between these two courses and I again say, go for the OSCP Cert instead of the CEH!
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sat Apr 25, 2009 7:52 am

Re: Best cert for practical experience in pen testing

Ok, well, I can't say that I entirely agree with the two above. But I don't disagree with everything stated either. Having taken all three of the mentioned courses (CEH, OSCP and GPEN) I can certainly offer comparisons between them.

That being said, the CEH was the first certification I obtained. It did give me some recognition with my employer at the time (quite possibly from just the name), and it definitely came into play shortly after once I started getting security-related tasks. Now, I had prior hobby experience before earning the CEH, and I did further research/testing/etc. on my own during and after the course. What I'm getting at (and I've said this in the forums here before - as well as others) is that the CEH can be what you make of it. It's an introductory certification, not meant to make you an expert. If you take the concepts learned, the tools used and the resourcefulness you should have as an ethical hacker, you can quite easily turn the CEH into a lot more. And this isn't just for CEH, but for any security certification in general you're going to need to constantly stay updated.

For the cheapest route, you could do OffSec or CEH courseware. Then of course if you do the volunteer thing for SANS, you can get the GPEN for a great price. Knowing what each includes and that you're trying to get the most bang for your buck, my suggestion would be this: Do the OffSec course and buy one or two of the CEH prep books (not the official review guide, but the ExamPrep or the Prep Guide). If you decide to take the exam, then purchase the Official Review Guide for studying prior. Since you mentioned doing the volunteer thing with SANS, that's when you can do the GPEN. They will all certainly complement each other and you'll learn quite a lot.

BillV
<<

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Sat Apr 25, 2009 9:18 am

Re: Best cert for practical experience in pen testing

Hi Worryfree

I am in a similar situation as yourself, as in I have been in sysadmin for a while but not quite as long as you and want to get into the Security industry as a Pen Tester. I have also completed the Security+ exam but have a very low budget to go towards courses and have been looking at the OSCP. I have noticed that in the UK the required certifications are either CHECK or CREST but you have to be very competent before you can even think about taking on these qualifications and they are still a couple of grand to do. I have mentioned on the site a few times about the Tigerscheme but no one seems to really know of it and are therefore hesitant to go into that direction, as they provide courses followed by an exam but are unfortunately still very expensive  :'(
<<

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sat Apr 25, 2009 12:53 pm

Re: Best cert for practical experience in pen testing

I always had the same question, which to do first, OSCP or CEH. I understand that CEH is an entry level and the OSCP is a practical level, but normally what do you take first?
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

LSOChris

Post Sat Apr 25, 2009 2:19 pm

Re: Best cert for practical experience in pen testing

the answer to that question is very dependent on a person's background.

if you already know some things then Off Sec course is probably good for you.  if you don't know anything you'll be totally lost if you take the off sec course and CEH may be better for you.
<<

Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Apr 25, 2009 7:03 pm

Re: Best cert for practical experience in pen testing

The path I took was
CEH -> OSCP101 -> GPEN560

Introduction -> Hands On -> Hands On/Business Stuff respectively
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com