2

After a lot of googling and searches on forums, it was apparent that certificates like CEH and CISSP incorporated a lot of theory in them and were useful as an added for job.

Are there any certificates that give real time practice with the system during training or the learning process includes practical working (certificates that will give working knowledge) ?

What about Red Hat certs. or CISCO certs. ?

TheSB
  • 21
  • 1

3 Answers3

5

I think one of the most hands on security certifications out there is Offensive Security Certified Professional/Expert. The exam involves executing a penetration test and delivering a report on which you will get quoted. Now this certificate is aimed at attack and penetration testers, if your job is to administer Cisco equipment you should look into CCNAS or CCNPS.

There is also SANS but to be honest they are a bit expensive. The trainings are good though.

Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
  • Yeah I read about OSCP and it is indeed very interesting. But the thing is that I am not much acquainted with the info. security field, a beginner if u will. Also I live in India and did not find much of training resources available here. So can you suggest basic or intermediate level courses that can help me build up my knowledge ? Later on when possible I can take up those advanced courses. – TheSB Jun 29 '13 at 15:44
  • I'd start with the securitytube courses if I were you then. Especially the python,metasploit and Linux ones are pretty good. They are quite cheap as well – Lucas Kauffman Jun 29 '13 at 15:55
1

Have you tried Matasano Crypto Challenges? Here's a good review from the PinBoard Blog:

I mentioned earlier that I thought every web programmer should try their hand at these. It is very illuminating to look at your own web app from the vantage point of an attacker actually writing code. At the very least, you will never be confused about cipher block modes again, or have to worry that someone will ask you to explain how a public key works in an interview. And there is a whole slew of dumb mistakes you will now avoid (replacing them with smarter mistakes that will become the subject matter of challenges 48-96).

Also, Cody Brocious from Accuvan LABS AppSec Team is running the Breaker 101 course:

The majority of the coursework will be styled as a CTF (capture the flag). In essence, you will be breaking from day one and putting these attacks in practice. The exceptions are some of the crypto and the secure architecture/threat modeling portions of the course. These will be graded for your benefit but do not count towards your score.

Exams are largely practical as well, but will be more open-ended, as you will see in real-world security testing.

pageman
  • 111
  • 3
0

If you're looking for a hands-on Penetration Testing certification, there is really no better alternative than the OSCP. (Perhaps some of the SANs classess are strong as well, but I can't speak to those from experience). Although once you have an OCSP you can not call yourself a Pen-Testing expert, it will definitely help you start down that route.

http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

eliteparakeet
  • 243
  • 2
  • 7