Topics In Demand
Notification
New

No notification found.

Blog
Industry validated certification is key for a career in penetration testing

February 11, 2021

163

0

The demand for skilled and certified penetration testers has been growing as enterprises are keen to identify gaps in their defense systems. While there’s a dearth of cybersecurity talent in general, penetration testers, often known as “Pen” testers are the people that companies seem to have especially difficulty hiring.

Pen testing can involve the attempted breaching of any number of application systems, (e.g., application protocol interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks. Insights provided by the penetration test can be used to fine-tune web application firewall (WAF) security policies and patch detected vulnerabilities.

The majority of hiring companies want the pen tester that they hire to have at least a bachelor’s degree in a field related to IT or cybersecurity. Most also ask for particular certifications. Some of the options for pursuing a pentesting certification include EC-Council Certified Ethical Hacker (CEH), IACRB Certified Penetration Tester (CPT), CompTIA PenTest+, Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) and Offensive Security Certified Professional (OSCP).

The above are only a few options available for a penetration testing certification. One needs to diligently compare different certifications available in the market before deciding which one is the best for you. Here, let’s talk about some of the factors that differentiate Comp TIA’s PenTest and  EC Council’s Certified Ethical Hacker (CEH).

In terms of minimum experience required for being eligible to appear for the examination, PenTest+ recommends that the examinee has a minimum of three to four years of work experience besides the Network+, Security+ or equal education. The CEH recommends that you have a minimum of two years of work experience in the Information Security domain besides one need to take the Certified Network Defender (CND) exam before taking the CEH.

There is also a need to be aware of how these two exams test candidates. The PenTest+ exam focuses on penetration testing and vulnerability assessment while the CEH exam only focuses on penetration testing. CEH exams comprise 125 questions with a time duration of about four hours. In the case of PenTest+ one needs to answer 85 questions in a time duration of around two hours and 45 minutes in the examination. However, the PenTest+ has a few built-in simulations that an examinee must complete alongside the multiple-choice questions. When it comes to CEH, one needs to answer only multiple-choice questions.

The CEH and the PenTest+ are similar in their re-certification process.  Both certificates are valid for three years from the date of issuance. The PenTest+ requires 60 Continuing Education Units (CEUs) to be uploaded to your certification account in a span of three years. These CEUs are received after completing approved activities and training programs from CompTIA. CEH requires one to get 120 electrical and computer engineering (ECE) credits in a time period of three years.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


NatashaSharma

© Copyright nasscom. All Rights Reserved.