GIAC's Certified Penetration Tester, or GPEN, is an advanced information security designation for individuals who conduct penetration testing.
Often known as "ethical hacking" or "white hat hacking," penetration testing involves assessing networks and systems to find security vulnerabilities that may be caused by problems such as weak security configurations or improperly patched systems.
According to the GIAC website, the GPEN certification deals with topics such as:
- methodologies for penetration testing;
- legal issues associated with penetration testing;
- how to properly conduct a penetration test; and
- best practice techniques for conducting penetration tests (both technical and non-technical).
GPEN is targeted specifically at penetration testers, also known as "ethical hackers" or "white hat hackers." These individuals, who typically have several years of IT security experience and knowledge, test how secure an organization's computer network or system is by conducting attacks that simulate what a real hacker would launch.
After analyzing the results of the simulated attack, the penetration tester will typically produce a report for the organization that details any security issues that have been found, what kind of impact they would have on the organization if a real hacker found them, and what can be done to correct or minimize those problems.
While there is no specific training required, it would be a very good idea to have some sort of training on penetration testing under your belt before you attempt to take the exam, as penetration testing is an advanced specialization and is not for those just stepping into the IT security realm. GIAC mentions the SANS Security 560 course, Network Penetration Testing and Ethical Hacking, as one of the relevant training courses for this certification.
The exam consists of 150 questions, and you have four hours to complete it. You need to answer 70 percent, or 105 questions, correctly in order to pass.
Standard registration is $899, but the price is reduced to $499 if you take the SANS Security 560 course first.
GPEN can be renewed every four years.