There's no end to the number of available ethical hacking certifications on the market. Whether you're an experienced hacker looking to expand your resume, or a beginner looking to start off right, you only want to dedicate time and money to ones that will help you succeed.
We'd love to tell you there's a definitive, absolute, best certification that meets every criterion available, but nothing is ever that simple. There are, however, certifications that we consider "best" for specific things. If you want to prove mastery of a particular skill, raise your salary, or get more callbacks from hiring managers, there's definitely a certification for you.
Take a walk with us as we break down our top picks for the best ethical hacking certifications and who they are best for.
Beginner Certifications
Everyone needs to start somewhere. These next few certifications are designed to give you foundational knowledge in ethical hacking. They cover tools, steps, procedures, and terminology. Each has unique benefits that earned it a spot on our list.
Certified Ethical Hacker (CEH ANSI)
Category: Most recognized by hiring managers
Details
Created in 2003 by EC-Council, Certified Ethical Hacker is a four-hour, 125-multiple-choice exam covering scanning and enumeration, exploiting vulnerabilities, malware analysis, penetration testing tools, and various attack strategies. There are no practical exercises involved.
Requirements
To write the exam, you must meet one of the following criteria:
- Take an official EC-Council partnered training course.
- Submit proof of two years of work experience and a $100 application fee.
Read "How to Get the Certified Ethical Hacker (CEH) ANSI Certification" for more details.
Cost
$499 (plus an additional $850 if you need to take the training course). There is an annual membership fee of $80. Read our full breakdown of the CEH ANSI costs here.
Why is this our choice?
There are a lot of issues with CEH, to be sure. It is not highly respected by industry professionals due to the absence of practical testing. It is also very expensive for what they're providing. However, there are reasons to include it on this list.
Aside from being ANSI 17024 and DoD 8570 accredited, it is highly sought after by recruiters and hiring managers. Search CEH on any major job posting website, such as Indeed or LinkedIn, and you will find it appears more than almost any other certification on this list. It is also found on many job postings which sport higher salaries.
Why is this the case? There are several possible reasons.
CEH was one of the first on the market. U.S. government agencies needed a universal requirement and chose CEH, making many HR departments follow suit. Also, many hiring managers aren't cyber security professionals and don't dedicate much time to research. A quick Google search ranks CEH up top, so that's what they ask for.
Regardless of your feelings on the certification, it will get you more "stage one" interviews than most others on this list. See our CEH exam cheat sheet to help you in your studies.
CompTIA PenTest+
Category: Best at proving foundational knowledge
Details
Produced by CompTIA, the PenTest+ exam is two hours and 45 minutes long, consisting of a maximum of 90 multiple-choice and practical "performance-based" questions. Like CEH, it is DoD 8570 and ANSI/IEC/ISO 17024 approved.
We compared these two certifications in our Pentest+ vs. CEH article, as they are very similar. The primary difference in knowledge domains is that PenTest+ covers planning, scoping, managing weaknesses, and administrative topics like scope creep, liability, client communication, and regulatory compliance.
Requirements
There are no hard requirements to write this exam, though holding the Network+ and Security+ certifications is recommended.
Cost
$381 to write. Renewal fee of $150 every three years.
Why is this our choice?
Most practical exams wonβt cover the administrative and legal end of ethical hacking. This certification, despite being primarily multiple-choice, requires you to understand client communication, contracts, the scope of testing, debriefs, and procedures.
Holding PenTest+ on its own is unlikely to get you a job, but it does show that you understand the steps of a penetration test from the first client meeting to the final completion of the contract. This is basic knowledge every ethical hacker should possess.
As we pointed out in our comparison article, the client isn't paying you to hack their network; they're paying for an audit report they can use to secure their systems. The information in the Pentest+ curriculum is something you may find yourself referring back to.
eLearn Security Junior Penetration Tester (eJPTv2)
Category: Most affordable beginner-level certification
Details
Offered by eLearnSecurity and INE, this entry-level exam requires students to answer 35 multiple-choice questions based on their findings in a lab environment within 48 hours.
Questions will be in the vein of "what is the name of the low-privilege user on machine x," or "which of the following exploits can be used to gain access to machine y." Students must perform enumeration and exploitation on the systems within the lab environment to discover the answers.
Requirements
There are no hard requirements to write this exam.
Cost
$200
Why is this our choice?
While CEH and PenTest+ can be considered beginner friendly as well, this certification adds the requirement to actually pull off techniques such as network scanning, privilege escalation, and network pivoting. It also manages to do so at a much lower price.
The most inexpensive beginner certification exam on our list, eJPT proves beginner-level practical skills without the intensity of other lab-based exams, like PNPT and OSCP (discussed below).
Practitioner Certifications
Moving up from the beginner certifications, these put practical skills to the test in real lab environments. Passing a practitioner-level certification lays to rest any doubt that you are, indeed, a hacker. Take a read to see why these are our top choices.
Offensive Security Certified Professional (OSCP)
Category: Closest to an "industry standard" ethical hacking certification
Details
Offered by Offensive Security (usually referred to as OffSec), OSCP is a beast of an exam.
The exam lasts just short of 24 hours in a lab environment, followed by another 24 hours for report writing. The student is expected to hack into and gain administrator (root) access to three stand-alone machines (worth 20 points each) and acquire Domain Administrator control of a three-machine Active Directory network (worth 40 points total).
They will then have to provide a report showing step-by-step instructions for their hack (including screenshots) accurate enough that someone of reasonable skill could reproduce their results. A total of 70 points and a quality report are required to earn the title of Offensive Security Certified Professional.
Requirements
There are no hard requirements for this exam. That said, the exam also comes with a training course that students are encouraged, but not required, to complete. You cannot purchase a standalone exam.
Cost
- Option one: $1,499 for the course, one exam attempt, and 90 days of lab access or
- Option two: $2,499 for the course, a year subscription to the lab, two exam attempts, and access to their Kali Linux Certified Professional and Offensive Security Wireless Professional courses/exams
Why is this our choice?
The simple fact is many, if not most, ethical hackers and penetration testers have their OSCP. Between the training involved and the rigor of the exam, it is considered the de facto ethical hacking certification.
Even those in the industry who criticize OffSec or the OSCP tend to admit that they themselves hold the certificate and that it's simply one of the expected hazing rituals you go through to become an ethical hacker.
While CEH may get the attention of hiring managers who lack technical or information security experience, OSCP is what the department heads will be looking for.
Practical Network Penetration Tester (PNPT)
Category: The most realistic exam on the market
Details
Practical Network Penetration Tester is offered by TCM (The Cyber Mentor) Academy. The exam consists of a five-day lab followed by two days to write and submit a report.
Students are expected to perform OSINT on a target, use that information to conduct an external pentest to gain initial access, pivot through a five-machine Active Directory network, and gain Domain Admin with persistence. The student must then submit an audit report for the "client."
Unlike OSCP, PNPT isn't concerned with the step-by-step process in the report but demands a realistic client-focused audit showing the vulnerabilities discovered, proof, and recommendations for remediation.
If your report is accepted, you will be required to make a 15-minute online presentation to a staff member at TCM Academy as if they were a client.
Requirements
There are no requirements to write this exam.
Cost
$299 for two exam attempts.
Why is this our choice?
While PNPT has a long way to go to gain the recognition of OSCP, to which it is often compared, it offers an experience unlike any other practical certification.
The week-long time frame, requirements for the report, and client debrief are all true to the industry. The exam also lacks "flags" or partial points and, unlike OSCP, has no restrictions on the tools you can use. The lab is also designed to emulate common misconfigurations one might see in the wild.
This certification shows you have performed the equivalent of a real penetration test from start to finish.
Specialist Certifications
Once you've become comfortable performing general hacking, you may want to pick a specialty. Becoming an expert in a particular technology or field can increase both your pay and job opportunities over that of a general hacker. These are our top choices.
Certified Red Team Operator (CRTO)
Category: Best red team operations certification
Details
Certified Red Team Operator is offered by Zero Point Security, designed and operated by Daniel Duggan (better known as "Rastamouse"). It is a 48-hour long lab-based CTF exam taken over four days (you can pause lab time when not using it). The exam ends after 48 hours of lab time, or four days of real time, whichever comes first.
Students access the lab through a web browser and are given access to a Kali instance with all necessary tools, including the C2 framework Cobalt Strike (which retails for $5,900 per year). The exam itself is an assumed breach scenario inside an Active Directory network. Students must obtain six out of eight flags to pass. There is no report required.
Requirements
While there is a course you can purchase alongside the exam, it is not required.
Cost
£99 (roughly $120 USD) for the standalone exam.
Why is this our choice?
Like some other certifications on this list, it is not well-known enough among hiring managers to get you a foot in the door. That said, performing an Active Directory penetration test using high-end tools like the verbose and expensive Cobalt Strike is not something many students will find themselves exposed to.
While many other Active Directory lab exams (such as PNPT, Pentester Academy's CRTP, or HackTheBox's CPTS) have no restrictions on using the C2 framework of your choice, the expectation is that most students won't use anything more complex than the Metasploit Framework.
Proof positive that you can perform a red team operation with Cobalt Strike can put you leaps and bounds above other candidates applying for a pentesting team position.
Burp Suite Certified Practitioner (BSCP)
Category: Best web application penetration testing certification
Details
This four-hour exam is provided by PortSwigger, the creators of the popular web application testing tool Burp Suite. This lab-based exam challenges you with two applications that have three vulnerabilities each.
With each application, you will be required to gain low-level user access, escalate to administrator privileges, and read the "secret" file as proof.
PortSwigger states that those who have passed the exam and obtained their Burp Suite Certified Practitioner demonstrate they have the ability to:
- Detect and prove the full business impact of a wide range of common web vulnerabilities.
- Adapt attack methods to bypass broken defenses, using knowledge of fundamental web technologies.
- Quickly identify weak points within an attack surface, and perform out-of-band attacks to attack them.
Requirements
You must have a copy of the Burp Suite Professional software, which retails for $499.
Cost
$99 for one exam attempt.
Why is this our choice?
Most other popular practitioner-level web application hacking certifications do not have the complexity of BSCP. While other certifications focus on analyzing the application, debugging, and running scripts, PortSwigger goes a step further.
The interesting element of this exam is that each application has at least one "active user" who will be logged in, visiting the homepage, and clicking links in emails they receive. This opens up reflected vulnerabilities, clickjacking, stealing session cookies, and other attacks not often seen on practical exams.
While this exam focuses on using a single software, Burp Suite is the leading toolkit for web security testing. If you are doing web application hacking or bug bounties, you are almost certainly using this program, so becoming a specialist is a no-brainer.
GIAC Cloud Penetration Tester (GCPN)
Category: Best cloud pentesting certification
Details
GIAC Cloud Penetration Tester is a two-hour long 75-question multiple-choice proctored exam. The minimum passing score is 70%. Like most GIAC exams, GCPN will cover both conceptual or theoretical questions and realistic scenario questions, such as using tools or assessing outputs.
The exam covers the fundamentals of cloud penetration testing, environment mapping, service discovery, attacks specific to Amazon Web Services (AWS) and Azure, and native applications with containers.
The exam can be taken through a ProctorU or Pearson VUE testing center. GIAC has opened up the option to write the exam from home while proctored through a webcam. The exam is open book but not open computer (meaning no digital assets or online notes).
Requirements
While there is training specific to this exam available through the SANS institute, you can write this exam without any prerequisites.
Cost
The exam attempt without training is $949. A renewal fee of $469 is due every four years.
Why is this our choice?
In general, we much prefer recommending hands-on lab scenario exams to prove your abilities. However, there isn't anyone else on the market right now offering a certification that covers as much cloud-hacking material as GIAC.
There are some Azure and AWS specific pentesting certifications with labs out there, but GCPN requires you to know it all. Their exam objectives include:
- AWS authentication and cloud services
- Azure functions and Windows containers
- Cloud CLI and application mapping
- Cloud native applications and CI/CD pipelines
- Cloud penetration testing fundamentals
- Containers and Kubernetes structure
- Discovering cloud services and data
- Azure cloud services and attacks
- Password attacks on cloud environments
- Red-team penetration testing of cloud environments
- Redirection and attack obfuscation
- Web application attacks
If your goal is cloud-focused penetration testing, combining this certification with one that is lab-based, such as OSCP, is a strong choice.
Advanced Certifications
Are you ready to reach new heights? These next certifications will rocket your reputation and your career. Note that these are for individuals with many years in the industry. Check out our recommended advanced certifications.
Certified Information Systems Security Professional (CISSP)
Category: Best salary boosting certification
Details
We have discussed Certified Information Systems Security Professional extensively in multiple articles, including our CISSP vs. CEH and CISSP vs. CASP+ comparisons. Offered by (ISC)2, it is a four-hour examination comprising multiple-choice and "Advanced Innovative Questions" (hands-on performance-based scenarios similar to those on CompTIA exams), with a required passing score of 700 out of 1000.
This "mile wide and inch deep" certification covers managerial concepts, such as security and risk management, identity and access management, security architecture and engineering, and security operations. It is not an exam where you think like a techie but where you think like a manager.
Since May 2021, English exam versions have changed from a standard linear format to a Computerized Adaptive Testing (CAT) format. This means that the number of questions and their difficulty change depending on how you've answered previous questions.
Requirements
You can write the exam without any requirements and gain the title of "Associate of (ISC)2." To become a CISSP, you will also require proof of five years of paid work experience in two or more of the eight knowledge domains covered on the exam and an endorsement of a CISSP member in good standing.
Cost
$749 to write and a yearly membership fee of $125.
Why is this our choice?
This is an odd choice to add to this list because CISSP is not an ethical hacking certification. Sure, it advertises itself as "the most globally recognized certification in the information security market" and is arguably the closest there is to an "industry-standard" security certification, but it is not about ethical hacking.
So, why include it?
CISSP is asked for over and over again on job postings for senior-level ethical hackers. It may be due to (ISC)2's requirement of provable work experience, or perhaps many senior penetration testers will be expected to take on managerial roles and responsibilities in these posted positions.
Regardless, this advanced certification appears so frequently that we would be doing you a disservice not to mention it here. CISSP is also known to raise your expected salary more than most other senior certifications, with an average CISSP salary of $129,000 in the United States. We have a CISSP exam cheat sheet if you're preparing for this certification.
Offensive Security Certified Expert 3 (OSCE3)
Category: Displaying most complete expertise in ethical hacking
Details
Provided by OffSec, Offensive Security Certified Expert 3 (sometimes unofficially called Offensive Security Triple Expert or OSCE trifecta in various circles) is not a written exam or lab-based performance. It is awarded to students who have successfully passed three different certifications, namely
- Offensive Security Web Expert (OSWE)
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Exploit Developer (OSED)
This certification replaced the retired OSCE certification, which was a single exam taken following the "Cracking the Perimeter" course.
Earning this certification requires a combined six days of lab-based examination, three reports, and heroic levels of skill, determination, patience, and expertise.
Requirements
As stated above, this title is granted to those who pass the OSWE, OSEP, and OSED certification exams.
Cost
Each exam can be purchased one of two ways:
- $1599 for the associated course, 90 days of lab access, and one certification attempt
- $2499 for the associated course, one year of lab access, and two exam attempts
This means OSCE3 could cost as low as $4797 or upwards of $7497, assuming you require no additional exam retakes.
Why is this our choice?
Being an OSCE3 means you are an expert in network penetration testing, reviewing advanced source code, evading antivirus and other defensive software, web application hacking, and crafting your own exploits. You can do it all at an expert level. There really isn't anything more that needs to be said.
Conclusion
The "best ethical hacking certification" will mean different things to different people. Where you are now in your career, where you want to end up, what you can afford, and what elements most appeal to you will all factor into that decision.
Our goal with this list was to help you understand the benefits and drawbacks of these various certifications, introduce what they're about and who they're marketed towards, and let you make the best-educated choice for your career development.
If you're building your path now, aim for one or more of our suggested beginner certifications, choose a practitioner certification to pursue, and as you advance, think about any specializations you want to focus on. If you need more background on general cyber security first, consider one of these entry-level cyber security certifications.
If you want to learn the skills necessary to take on these exams and pursue a career in ethical hacking, don't forget to check out our hundreds of courses on ethical hacking, certification preparation, and virtual labs available to our VIP members. You can also see some of our favorite books on ethical hacking to keep on your shelf.