March 18, 2015

We have done a few posts around this topic already, but as we receive a lot of questions around this we would like to share our views. If you need a Pentesting Cert for your resume and recognition, then the CEH/LTP from EC Council along with Mile 2 certifications and every program that has some U.S. government endorsement or backing is a good choice.

If you are doing the certification to actual learn real hands-on Ethical Hacking and Penetration Testing, there is only one choice. Offensive Security. We are not part of them but because their courses and exams are so good, detailed and tough – we highly recommend them. Anyone passing those exams will be a real hands-on expert. They currently offer 5 different classes associated with 5 different certifications:


The Offensive Security Certified Professional certification (OSCP) is the accompanying certification to the Pentesting with Kali Linux course and is unique in its field in that it is the only security certification in the market that requires a fully “hands on” approach, leaving no space for multiple choice questions. The student is placed in a lab network with several vulnerable machines and points are awarded if a successful hack is performed. The student must demonstrate their depth of understanding by submitting both the steps they took to penetrate the box as well as the proof.txt file.


The Offensive Security Wireless Professional (OSWP) certification demonstrates that students of the Offensive Security Wireless Attacks course possess the knowledge and skills needed to successfully attack wireless networks in varying configurations. In order to earn the OSWP certification, the student has to attack a series of wireless networks in a real deployment, requiring the student to be responsive to unexpected situations and demonstrate they know how to use the right technique for a given scenario.


Cracking the Perimeter students can opt to take the Offensive Security Certified Expert (OSCE) certification challenge. Going far beyond the material directly covered in the CTP course, the OSCE exam validates the student’s grasp of the concepts presented in the material and proves their ability to think laterally under pressure, devising creative methods to achieve the exam objectives. Due to the challenging nature of this exam, candidates are provided with 48 hours to complete it successfully.


The Offensive Security Exploitation Expert (OSEE) certification is the companion certification to the extremely demanding Advanced Windows Exploitation course. The OSEE certification thoroughly assesses not only the students understanding of the course content, but also their ability to think laterally and adapt to new challenges while under pressure. In this extremely challenging exam, the student is provided with 72 hours in order to develop their exploits and fully document the steps taken.


The Offensive Security Web Expert (OSWE) certification is the accompanying certification to the Advanced Web Attacks and Exploitation course. In this 24-hour exam, students are placed in an unknown exam environment where they are to demonstrate their knowledge not only of the course material, but web application vulnerabilities in general. Exam candidates are required to analyze and exploit a selection of vulnerable targets and provide comprehensive documentation detailing their attacks.

To find out more:


We have decided to make another blog post around this topic as we receive a lot of questions daily around Pentesting Certifications from students, college grads and other IT consultants. Now if you want to offer Penetration Testing services, which certifications should I possess?

The answer is tricky. There is no international standard like with vendor certifications from Cisco, Juniper and the likes. The main question is, where do you want to conduct Pentests / where are your customers?

United States

The EC Council and the relevant certifications Certified Ethical Hacker (CEH) and Licensed Penetration Tester (LPT) are usually required for US engagements. We have also seen that companies recognise the value of the Offensive Security Certifications (OSCP, OSWP etc.) because those certs really show practical skills and the exams are 100% hands on. Mile 2, GIAC/GPEN are also gaining momentum in the US. As the US typically sets the benchmark for IT innovation and certification, those exams are a good starting point for Pentesters. As for exam fees, the CEH is around $500 USD for the exam, Offsec around $1200 for the training, lab access and the exam.

Rest of the world (Latin America, Africa, Asia, Oceania and Europe (except the UK)

The certifications which are typically asked for anywhere else in the world are the CEH and LPT from EC Council. Offensive Security also gets more and more attention outside North America.


Unfortunately they run their own country specific certification program called CREST. The content is very much alike the one from the EC Council but it’s a UK certification only. The problem with CREST is that a lot of the UK businesses require that certification for a Pentest engagement, whilst it’s completely unknown and unrecognised anywhere else in the world except for Australia. So if you are a Pentester in the UK, you have to get CREST certs for UK work and the other international ones in case you want to do engagements in mainland Europe, North America or elsewhere. We recently wanted to engage a highly skilled CREST certified contractor from the UK for a US client with offices in Europe, but the customer did not accept CREST, so we had to swap consultants on this engagement. Also the pricing is very expensive ranging from around $600 USD to $2500 USD per single exam.


It’s not as straight forward as with vendor certifications or internationally accepted certs like the CISSP. Like with all certifications, nothing beats real world experience but you need to have some certifications under the belt to give customers and employers a comfort blanket. Personally we think that the Offensive Security Certifications are the best ones in the field, as they are really touch hands-on exams rather than multiple choice questions.