PenTesting_and_Security_Certifications
GIAC Web Application Penetration Tester (GWAPT):
Renewed: Every 4 years.
The topic areas for each exam part follow:
Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack
The candidate will demonstrate an understanding of Cross Site Request Forgery, Cross Site Scripting and Client Injection attacks and the tools and techniques used to discover and exploit vulnerabilities.
Reconnaissance and Mapping
The candidate will demonstrate an understanding of the techniques used to conduct discovery, exploration and investigation of a web site and web application features such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis.
Web Application Authentication Attacks
The candidate will demonstrate a familiarity with the process and mechanisms used to secure web applications by authentication, how to enumerate users and how to bypass and exploit weak authentication.
Web Application Configuration Testing
The candidate will demonstrate a familiarity with the tools and techniques used to audit and identify flaws in the design or implementation in the configuration of a web site.
Web Application Overview
The candidate will demonstrate an understanding of the technologies, programming languages and structures that are involved in the construction and implementation of a web site such as HTTP, HTTPS and AJAX within the context of security, vulnerabilities and basic operation.
Web Application Session Management
The candidate will demonstrate an understanding of how a web application manages client sessions, tracks user activity and uses SSL/TLS in modern web communications as well as the attacks that can be leveraged against flaws in session state.
Web Application SQL Injection Attacks
The candidate will demonstrate a familiarity with the techniques used to audit and test the security of web applications using SQL injection attacks and how to identify SQL injection vulnerabilities in applications.
Web Application Testing Tools
The candidate will demonstrate an understanding of the tools and techniques required to perform web application security testing on modern web-based languages such as JavaScript with AJAX including the use of proxies, fuzzing, scripting, and attacking application logic.
-----------------------
Offensive Security Certified Professional (OSCP):
(This seems to be a more thorough certification)
The Offensive Security Certified Professional (OSCP) is the companion certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.
An OSCP has demonstrated their ability to be presented with an unknown network, enumerate the targets within their scope, exploit them, and clearly document their results in a penetration test report.
An OSCP, by definition, is able to identify existing vulnerabilities and execute organized attacks in a controlled and focused manner, write simple Bash or Python scripts, modify existing exploit code to their advantage, perform network pivoting and data exfiltration, and compromise poorly written PHP web applications.
The twenty-four hour examination also demonstrates that OSCPs have a certain degree of persistence and determination. Perhaps more importantly, an OSCP has demonstrated their ability to think “outside the box” and “laterally.”
The only way to take the OSCP certification exam is to first complete the Penetration Testing with Kali Linux training course, where students learn to identify and exploit a wide array of operating systems in our vast online VPN lab network.
Abilities:
1. Use multiple information gathering techniques to identify and enumerate targets running various operating systems and services.
2. Write basic scripts and tools to aid in the penetration testing process.
3. Analyze, correct, modify, cross-compile, and port public exploit code.
4. Successfully conduct both remote and client side attacks.
5. Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications.
6. Deploy tunneling techniques to bypass firewalls.
7. Demonstrate creative problem solving and lateral thinking.