|Certified Expert Penetration Tester (CEPT)
The CEPT certification is designed to certify that candidates have expert level knowledge and skills in relation to penetration testing.
The CEPT consists of 9 domains directly relating to job duties of expert-level penetration testers. The IACRB defines an "expert penetration tester" as:
A person who is highly skilled in methods of evaluating the security of a computer systems, networks and software by simulating a attacks by a malicious user. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. An expert penetration tester should additionally posses the ability to discover and reliably exploit unknown vulnerabilities in targeted software and systems.
The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. The 9 Certified Expert Penetration Tester (CEPT) Domains are as follows:
- Penetration Testing Methodologies
- Network Attacks
- Network Recon
- Windows Shellcode
- Linux & Unix Shellcode
- Reverse Engineering
- Memory Corruption/Buffer Overflow Vulnerabilities
- Exploit Creation - Windows Architecture
- Exploit Creation - Linux/Unix Architecture
- Web Application Vulnerabilities
Any candidate that answers 70% of the questions correctly is considered to have passed the multiple choice exam.
Becoming a candidate for the CEPT exam:
There are three options for taking the CEPT exam:
- The CEPT is available at any of our training partner's locations throughout the world.
- The exam can be proctored on-site at your location for groups of 10 or more.
- Individuals employed at member organizations can take the exam over the internet.
Access to the CEPT exam:
- All CEPT related correspondence is sent to the email address you provided when you registered.
- All training and certification is conducted through the exam engine. Use the exam engine to log in to your account to take exams..
- Once you log in, you will have links for Certification Attempts and/or Self Study Files as appropriate to your registration.
- Please be sure to read all documentation pages.
As the IACRB is a not-for-profit organization, please be aware that fees are used only for administrative functions.
Ready to take the exam? Contact a training partner or register to take the exam here.
- Flat fee of $499 per exam.
- On-site proctored exams are $399 per voucher.
The CEPT certification has now moved to a four year certification period. Regular renewal of a certification ensures that IACRB professionals maintain their knowledge and skills over time. Recertification is conducted via the exam engine system.
Your recertification will become available for registration in your portal account one year in advance of your certification expiration. Recertification candidates will be taking exactly the same exams as current certification candidates.
There are no fees associated with re-certification.
Tips for Success:
The CEPT certification program is very challenging. We offer the following advice when pursuing your certification:
- Budget your time carefully. Don't postpone until the last minute and expect to do well.
- Plan to spend some hands on time working with any of the resources available on the internet for exploit writing. You are not formally required to have experience in the field in order to take the CEPT certification. Do realize that by design the CEPT focuses on and tests your ability to apply your knowledge and skills in practice. You will have a much easier time with the certification process if you've spent some time working with the tools and technology.