The Professional Penetration Tester
There are a number of penetration testing courses and certifications available. You may be thinking, do we really need one more? First let us examine what is currently available. There are some excellent tests/courses out there. Some give a wide coverage of a dizzying array of tools. Others provide hands on labs as part of the certification test. I think that knowledge of tools and hands on experience are both critical to being a good penetration tester. So I don’t discount the existing tests at all. In fact I have some of them, and found them to be very good. However, I think there is something missing from the current penetration testing courses/certifications. While some current certification tests do have some emphasis on the process of penetration testing, I don’t feel that any go far enough.
It is time for penetration testing to move from being an art, to being a true professional discipline. That means a solid, repeatable process. Yes penetration testers need to know tools. They also need to know techniques. Yes this is an area one cannot learn without hands on experience. And the Professional Penetration Tester (PPT) does include those things. In fact this course has more depth on SQL Injection than many certification courses. We also include a basic introduction to Linux with Kali Linux and some of the wonderful tools in Kali. But we add something else.
The PPT course and test first cover a range of existing penetration testing standards such as:
- NSA Information Assessment Methodology
- NIST 800-115
- NIST 800-53
- PCI Penetration testing standards
Then after showing you these (as well as other standards) the course gives you a comprehensive approach to systematic penetration testing. The emphasis is on a methodology of penetration testing that one can apply, regardless of the specific tools and techniques used.
Of course the test also covers standard penetration testing tools and techniques such as NMap, Netcat, Kali Linux, Windows Hacking Techniques, Malware (including basic Malware creation), basic cryptography, terminology, Trojan Horse Creation, and other standard tools and techniques. The course also includes access to a test server where you can execute SQL Injection and Cross Site Scripting. When the class is presented in person, it includes hands on labs with Kali Linux and Windows hacking.
When considering any certification, you need to ask if the test creation was done correctly. In fact that should be a very critical question for you to ask. Who created this test? Does that person have the appropriate skillset to create a certification test? This test is the brainchild of Chuck Easttom. Mr. Easttom has extensive experience in IT security, penetration testing, and certifications:
1. He personally currently holds 32 industry certifications. He was also part of the team that created the CompTIA Security+, Linux+, and Server+ certifications and he was on the team that revised the CEH v8. So he understands how credible certification tests are created.
3. He has authored 19 computer science books, including forensics books, certification prep books, and computer security text books. So his knowledge of computer security is extensive.
4. He routinely conducts penetration tests.
5. He routinely teaches computer security, penetration testing, and forensics to a variety of companies, law enforcement agencies, government agencies, and friendly foreign governments. His teaching experience also includes many years of teaching a variety of certification courses.
The course/test itself is the culmination of years of teaching and refining his own penetration testing course. You can see his entire background at www.ChuckEasttom.com. This course was developed via his company CEC-Security LLC which is an approved vendor by the U.S. Department of Homeland Security National Initiative For Cyber Security Careers and Studies (NICCS)
Another issue that I believe all readers can relate to is cost. Certification tests are getting very expensive. $500 U.S. Dollars to over $1000 U.S. Dollars are becoming common costs. This is very expensive. The Certified Professional Penetration Tester exam is $99. It is taken online at your convenience. You can also challenge the test, without taking the course.
Training centers are also looking for course material they can offer without paying exorbitant fees. This training material can be used with no licensing fee at all. You just have the test creator come teach one class at your site, wherein your trainers set in on the class. They can then use that material and teach the class on their own with no licensing fee at all. So this test is affordable for the student and the trainer both!
This new certification will be fully released this fall. In the meantime you can review the test domains and test specifics online at http://www.professionalpentester.com/