Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What exams should I take?
This is quite a common question. Of which the answer is reletive.

However, we will do our best with this post and the subsequent comments to help answer the best we can.

The first question I guess, should be; what area of IT are you wanting to get into.

It is quite a mammoth task to compare and outline 100% accurately all these courses, especially when you factor in bias and industry reputation. It is very easy for this discussion to enter a “is it worth it” angle – but instead we tried just to stay within an academic or better said, training dimension. We are interested in what you actually learn and what the syllabus contains.

In summary – and this is a real basic summary! – we think that CEH is widely known and for HR – it is fast becoming a check-box that helps to get that interview. CPTC and CPTE / CPSA and CRT are similar in that they have a more consultancy and business role to them – which is great if you are already qualified but missing that business client-side to your resume. GIAC and CCT looks at penetration testing from a very methodical approach and Security+ is the all-round winner in due to its’ longevity and proof of concept with its’ solid syllabus.

Below are a fwe examples of Certifications relevent to Security.

1. CPTC – Certified Penetration Testing Consultant
2. CPTE – Certified Penetration Testing Engineer
3. CompTIA – Security+
4. CSTA – Certified Security Testing Associate
5. GPEN – GIAC Certified Penetration Tester
6. OSCP – Offensive Security Certified Professional
7. CEH – Certified Ethical Hacker
8. ECSA – EC-Council Certified Security Analyst
9. CEPT – Certified Expert Penetration Tester
10. CPSA - Crest Practitioner Security Analyst
11. CRT - Crest Registered Penetration Tester
12. CCT - Crest Certified Tester
13. CISSP - Certified Information Systems Security Professional
14. CCNA - Cisco Certified Network Associate
15. CCNP - Cicsco Certified Network Professional
16. CCIE - Cisco Certified Internetwork Expert

Unless otherwise stated these certifications are assessed by multiple choice and they require continuing education.

You will find live mock exams with real questions and grading, with realistic points and time limit over at our mock exam pages

Taking each of these certifications in order: CPTE and CPTC are very similar – but the CPTC is slightly more geared towards the business end of penetration testing. Mile2 offer both of these security certifications and we have already spoken at length on the differences between CPTE and CPTC. We also have a download that examines CPTE in more detail. In summary Mile2 is becoming rapidly popular due to the US military adopting several of their courses and the fact that they have excellent instructors. For more information please click on the above links within this paragraph.

CompTIA Security+ (also known as SY0-301)
The Security+ is an excellent all-round certification in information security. Having been around for a long time now – CompTIA , as a charity and vendor-free organization, remains a highly venerated IT training body. We have a detailed review and a huge amount of information related to Security+ including: “Why study CompTIA Security+?, How to break into Information Security field, (detailed) Security+ syllabus, exam structure – how is it graded?, practice online exam center (Virtual Test Center), an overview of required acronyms, expected salaries and opportunities in 2013, the CompTIA course pathway, 300 interview questions and 13 interview no-no’s! You can get all of that in a nice pdf format here. Worth re-iterating that we also offer for free a Security+ practice exam with model answers!

However – if you don’t have time to drill down into all of that data here is a list of the modules you would have to learn if you decide to sit for the Security+ exam and certification.

1.0 Network Security
1.1 Explain the security function and purpose of network devices and technologies
1.2 Apply and implement secure network administration principles
1.3 Distinguish and differentiate network design elements and compounds
1.1 Explain the security function and purpose of network devices and technologies
1.4 Implement and use common protocols
1.5 Identify commonly used default network ports
1.6 Implement wireless network in a secure manner
2.0 Compliance and Operational Security
2.1 Explain the security function and purpose of network devices and technologies
2.2 Carry out appropriate risk mitigation strategies
2.3 Explain the security function and purpose of network devices and technologies
2.4 Explain the importance of security related awareness and training
2.5 Compare and contrast aspects of business continuity
2.7 Explain the impact and proper use of environmental controls
2.8 Execute disaster recovery plans and procedures
3.0 Threats and Vulnerabilities
3.1 Analyze and differentiate among types of malware
3.2 Analyze and differentiate among types of attacks
3.3 Analyze and differentiate among types of social engineering
3.4 Analyze and differentiate among types of wireless attacks
3.5 Analyze and differentiate among types of application attacks
3.6 Analyze and differentiate among types of mitigation and deterrent techniques
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
4.0 Application, Data and Host Security
4.1 Explain the importance of application security
4.2 Carry out appropriate procedures to establish host security
4.3 Explain the importance of data security
5.0 Access Control and Identity Management
5.1 Explain the function and purpose of authentication services
5.2 Explain the fundamental concepts and best practices related to authentication, authorization and access control
5.3 Implement appropriate security controls when performing account management
6.0 Cryptography
6.1 Summarize general cryptography concepts
6.2 Use and apply appropriate cryptographic tools and products
6.3 Explain the core concepts of public key infrastructure
6.4 Implement PKI, certificate management and associated components

CSTA – Certified Security Testing Associate
CSTA is maintained by a British organization called 7Safe. CSTA is a four day course and has a syllabus somewhat like the Certified Ethical Hacker by EC-Council. 7Safe have a network of authorized training centers. CTSA is interwoven within lab testing – i.e. the course is very hands-on and practical.

It will be interesting to see the uptake for CSTA. Our hunch is that it will have a difficult time against the strongly established CEHv8 (Certified Ethical Hacker) and Security+. The premise for this security certification is to think and behave like a hacker so that the student will better learn and prepare against attacks. This is all excellent but it just seems very familiar to CEH. Anyways – good luck to them and we will certainly be keeping a close eye on their progress and course acceptance. In their own words, “The CTSA course is suited to system administrators, IT security officers and budding penetration testers.”

We understand that the CSTA is a progression path towards an ultimate goal of becoming a CREST Registered Tester.

OPEN – GIAC Certified Penetration Tester
GIAC claims to be the most “methodical pentesting course” that trains the student to seek and destroy security vulnerabilities within weak configurations, unpatched systems, and/ or inherited legacy botched architectures. SANS places emphasis on training the student to work with flawed legacy systems which certainly has appeal in a job interview, especially if the position is to rectify a “broken” network or computer system.

Certainly a very in-depth course GIAC is seeking to covers all elements of successful network penetration testing by training students to improve their enterprise’s security stance. According to the course summary, students learn how to perform detailed reconnaissance, scanning, experimenting with numerous tools in hands-on exercises and exploitation. Similar to CPTC (mile2’s consultancy/ business-leaning cert) GIAC also includes a professional auditing module: i.e. the training includes a module designed to help students understand how to write report that will maximize the value of the penetration test from both a management and technical perspective.

GIAC as you would expect also includes lab work to help the student work with exploitation frameworks and all necessary pentesting tools.

OSCP – Offensive Security Certified Professional
The mighty BackTrack pentesting distro is connecting to this IT security certification – meaning that it is the same organization – Offensive Security. (If you are interested in linux pentesting distros we put together a really great list here – which includes our favorite: Backbox).

Relatively new to the stage the “Offensive Security101” training course seems to be maturing well and gaining acceptance. It certainly was a smart move to create such a popular linux distro and then add IT security courses to it – because, naturally, all the tools contained within the distro are precisely what the (and all information security courses) require you to be proficient with.

This course gives a solid understanding of the penetration testing process. If we understand correctly the course is mainly aimed at the CBT market. The registration entitles you to downloadable “Offensive Security 101” course videos. For an additional fee you can opt to take their online lab (30 day access) and certification challenge (similar to mile2’s CBT course program).

CEH – Certified Ethical Hacker
The Certified Ethical Hacker certification, offered by EC Council, is a popular cyber security certification. The exam contains 150 multiple choice questions which must be answered within 240 Minutes with a passmark of 70%

Regarding as being content heavy – the CEH still holds sway on our opinion. We think that EC-Council have always believed that to beat a hacker, you need to think like one – and that in our opinion sums up the course perfectly. CEH immerses the student in a hands-on fashion where they are taught how to work, test and audit like a professional ethical hacker. The course starts by instructing students how to breach perimeter defenses and then effectively scan and attack networks. True to the principle that you gotta think bad to do good (i.e. think like a hacker) – students will also learn how to escalate privileges, create a secure shell and what steps can be taken to secure a system. In addition, participants will learn about Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows, Virus Creation and more.

ECSA – EC-Council Certified Security Analyst
EC-Council are extremely involved in the community. They organize the Hacker Halted conferences in the US and Asia and have been pioneering some really great IT security certifications. Their courses are either offered online, via their iClass course delivery or Live Instructor Led (i.e. in person). Following from CEH is the ECSA – or CSA.

The ESCA is designed to perform better audits of security systems, in other words, what are the result of the pentest? The ECSA is very similar to mile2’s CPTC in that the course is client focused in being able to present accurate data and post-testing suggestions to employer and/ or clients.

ESCA does follow on from CEH (and indeed EC-Council suggest that you first finish Ethical Hacker) because the post-reporting can only be achieved with an understanding of the processes in the first place. In summary, the ESCA’s purpose is to add value to an experienced security professional by assisting them to analyze the outcomes of their penetration tests.

CEPT – Certified Expert Penetration Tester
Like the rest, this certification is assessed by multiple choice (100 questions with a passmark of 80%). This certification is different to the rest because it relies more on programming and understanding the actual code. You really must speak C++, Python and understand compilers/ assemblers before taking this course. Here is a summary of the CEPT syllabus and modules that a student must complete to pass the certification. There are nine modules:

1. Penetration Testing Methodologies
2. Network Attacks
3. Network Recon
4. Shellcode
5. Reverse Engineering
6. Memory Corruption/Buffer Overflow Vulnerabilities
7. Exploit Creation – Windows Architecture
8. Exploit Creation – Linux/Unix Architecture
9. Web Application Vulnerabilities

Forum Jump:

Users browsing this thread: 1 Guest(s)