homepage
Call Open menu
Request Info Apply Now
2340x500_STI_Focus_Areas13.jpg

Graduate Certificate Programs: Penetration Testing & Ethical Hacking

Apply Now Request Info

Designed for working InfoSec and IT professionals, the graduate certificate in Penetration Testing & Ethical Hacking is a highly technical program focused on developing your ability to discover, analyze, and understand the implications of information security vulnerabilities in systems, networks, and applications, so you can identify solutions before adversaries exploit these flaws.

Format Option: A 100% online option is available
Courses: 4
GIAC Certifications: 4
Credits: 12
Duration: 18-24 months
Total Program Cost: $22,800 USD

470x382-cybersecurity-student-8.jpg

Strengthen Your Technical Knowledge and Skills

Gain practical skills you can immediately apply at your job or in a new infosec role.

  • Learn the latest cybersecurity tactics to protect your organization
  • Keep your skills current for career growth and advancement
  • Earn professional GIAC certifications as you complete the program
  • Train on your schedule, to balance work and school
  • Get personalized support from a student advisor 

APPLICATIONS ACCEPTED MONTHLY

Request Info Apply Now

The SANS.edu Advantage

Because cyber threats are constantly changing, our courses are continually updated for real-world relevance. But that's just the beginning.
STI_Advantage_Icons-07.svg

GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.

STI_Advantage_Icons-09.svg

100% Online Option Available

You have the option of completing the program through live or rewindable online courses.

STI_Advantage_Icons-10.svg

World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.

STI_Advantage_Icons-11.svg

Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.

STI_Advantage_Icons-12.svg

SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.

STI_Advantage_Icons-13.svg

Powerful Network

Make connections with some of the most talented students and teachers in the industry.

InfoSec professional attends SANS.edu info session

Join an Online Info Session for Graduate Cybersecurity Programs

  • Get tips on crafting a strong application to our cybersecurity master’s degree program and information on the next steps in the admissions process. Tue, July 8, 12 pm (ET). Register here.
  • Learn more about our cybersecurity master's degree and graduate certificate programs for working professionals. Tue, July 15, 2 pm (ET). Register here.
  • Explore our 9 highly technical, job-specific graduate certificate programs for working professionals. Wed, July 23 at 11 am (ET). Register here.

Have questions? Some sessions may feature recorded content, but a live Admissions representative will always be available to answer questions and provide personalized guidance.

See All Info Sessions
IR.jpg

SANS.edu Named One of the Top 10 Innovators in Cybersecurity Education 

The SANS Technology Institute has been recognized as a global leader in cybersecurity education by Help Net Security, joining the ranks of top institutions like Stanford, MIT, Carnegie Mellon and Oxford.

Read the Help Net Security Article

“My career advanced at a rate not achievable through other graduate programs. Earning a graduate certificate in pen testing from SANS, and the GIAC certifications along with it, gave me an edge — and opportunities.” - Terry Holman, CI/KR Advisor, TeamWorx Security

Learn How To:

    • Conduct vulnerability scanning and exploitation of various systems and applications using a careful, documented methodology to provide explicit proof of the extent and nature of IT infrastructure risks, conducting these activities according to well-defined rules of engagement and a clear scope.
    • Provide documentation of activities performed during testing, including all exploited vulnerabilities and how those vulnerabilities were combined into attacks to demonstrate business or institutional risk.
    • Produce an estimated risk level for a given discovered flaw by using the amount of effort the team needed to expend in penetrating the information system as an indicator of the penetration resistance of the system.
    • Provide actionable results with information about possible remediation measures for the successful attacks performed.

Curriculum | 12 Credit Hours

In this hands-on program, you’ll begin with a foundational course and then progress through 3 advanced courses to learn the real-world techniques of pen testers and red teamers. This is the curriculum order for this program.

Required Core Courses | 6 credit hours

  • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
    Certification: GIAC Certified Incident Handler Certification (GCIH)

    3 Credit Hours

    By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

  • SANS Course: SEC560: Enterprise Penetration Testing
    Certification: GIAC Penetration Tester Certification (GPEN)

    3 Credit Hours

    ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.

Specialization Elective Courses | 3 credit hours

Students select one of the following courses.

  • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
    Certification: GIAC Web Application Penetration Tester (GWAPT)

    3 Credit Hours

    ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

  • SANS Course: SEC575: iOS and Android Application Security Analysis and Penetration Testing
    Certification: GIAC Mobile Device Security Analyst (GMOB)

    3 Credit Hours

    ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping then with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

  • SANS Course: SEC588: Cloud Penetration Testing
    Certification: GIAC Cloud Penetration Tester (GCPN)

    3 Credit Hours

    ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

    Students will be able to:

    • Conduct cloud-based penetration tests
    • Assess cloud environments and bring value back to the business by locating vulnerabilities
    • Understand how cloud environments are constructed and how to scale factors into the gathering of evidence
    • Assess security risks in Amazon and Microsoft Azure environments

Additional Elective | 3 credit hours

Students select one of the following courses.

  • SANS Course: SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
    Certification: GIAC Machine Learning Engineer (GMLE)

    3 Credit Hours

    This course is squarely centered on solving information security problems. This course covers the necessary mathematics theory and fundamentals students absolutely must know to allow them to understand and apply the machine learning tools and techniques effectively. The course progressively introduces and applies various statistic, probabilistic, or mathematic tools (in their applied form), allowing you to leave with the ability to use those tools. The hands-on projects provide a broad base from which you can build your own machine learning solutions. This course teaches how AI tools like ChatGPT really work so that you can intelligently discuss their potential use by organizations and how to build effective solutions to solve real cybersecurity problems using machine learning and AI.

  • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
    Certification: GIAC Web Application Penetration Tester (GWAPT)

    3 Credit Hours

    ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

  • SANS Course: SEC575: iOS and Android Application Security Analysis and Penetration Testing
    Certification: GIAC Mobile Device Security Analyst (GMOB)

    3 Credit Hours

    ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping then with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

  • SANS Course: SEC617: Wireless Penetration Testing and Ethical Hacking
    Certification: GIAC Assessing and Auditing Wireless Networks (GAWN)

    3 Credit Hours

    ISE 6330 takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, students will navigate through the techniques attackers use to exploit WiFi networks, Bluetooth devices, and a variety of other wireless technologies. Using assessment and analysis techniques, this course will show students how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

  • SANS Course: SEC573: Automating Information Security with Python
    Certification: GIAC Python Coder (GPYC)

    3 Credit Hours

    The ISE 6350 course teaches student in the pen testing specialization, and other students who want to use the Python programming language, how to enhance their overall effectiveness during information security engagements. Students will learn how to apply core programming concepts and techniques learned in other courses through the Python programming language. The course teaches skills and techniques that can enhance an information security professional in penetration tests, security operations, and special projects. Students will create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

  • SANS Course: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
    Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

    3 Credit Hours

    ISE 6360 builds upon ISE 6320 - Enterprise Penetration Testing. This advanced course introduces students to the most prominent and powerful attack vectors, allowing students to perform these attacks in a variety of hands-on scenarios. This course is an elective course in the Penetration Testing & Ethical Hacking certificate program, and an elective choice for the master's program in Information Security Engineering.

  • SANS Course: SEC565: Red Team Operations and Adversary Emulation
    Certification: GIAC Red Team Professional (GRTP)

    3 Credit Hours

    ISE 6370 develops Red Team operators capable of planning and executing consistent and repeatable engagements that are focused on training and on measuring the effectiveness of the people, processes, and technology used to defend environments. You will learn how to plan and execute end-to-end Red Teaming engagements that leverage adversary emulation, including the skills to organize a Red Team, consume threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization. As part of the course, you will perform an adversary emulation against a target organization modeled on an enterprise environment, including Active Directory, intelligence-rich emails, file servers, and endpoints running in Windows and Linux.  Through this course, you will better understand and be able to show the value that Red Teaming and adversary emulations bring to an organization.

  • SANS Course: SEC588: Cloud Penetration Testing
    Certification: GIAC Cloud Penetration Tester (GCPN)

    3 Credit Hours

    ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

    Students will be able to:

    • Conduct cloud-based penetration tests
    • Assess cloud environments and bring value back to the business by locating vulnerabilities
    • Understand how cloud environments are constructed and how to scale factors into the gathering of evidence
    • Assess security risks in Amazon and Microsoft Azure environments

Study with the best faculty in cybersecurity

View All Faculty

Advancing in Cyber: Real Stories from SANS.edu Graduates

Discover how Jeff Sass, Adobe’s Application Security Director, used SANS.edu graduate certificates and GIAC certifications to switch careers, advance within Adobe, and gain practical cybersecurity expertise he could apply on the job.

470x382-cybersecurity-student-4.jpg

Take Your Next Step

Need more information? We’re happy to answer your questions. Join us for an info session, email info@sans.edu or call 301.241.7665.

Ready to apply? We look forward to learning about you and your career goals.

Request Info Apply Now

“SANS courses are fully aligned to what is happening in the industry. Course materials are continuously updated based on new developments in cybersecurity. It is rigorous, challenging, and relevant.” - Karim Lalji, Managing Security Consultant, TELUS

Success Stories

370x200_Jeff-Sass_STI-Success.png
Jeff Sass
Video gaming was the start of what would lead to Jeff Sass’s decades-long career at Adobe. Discover why he chose to pursue 3 graduate certificates at SANS.edu — and how the experience helped him win promotions to manager then director.
 Read More
370x200_Shawna-Turner_STI-Success.png
Shawna Turner
Shawna Turner earned a master's from SANS.edu while working full time at Nike, so online course options and the ability to adjust her schedule to her life needs were critical to her success. Discover how this former theater tech transformed herself into a cybersecurity subject matter expert.
 Read More
370x200_Richard-Halsell_STI-Success.png
Richard “Rick” Halsell Jr.
Richard “Rick” Halsell Jr. defended the Army against network breaches and today is Principal Security Program Manager at Microsoft. Learn about his career journey and see why this master's degree holder chose to pursue two graduate certificates at SANS.edu.
 Read More

“After I passed my GCIH certification exam, I got a job offer for twice my current salary. I’m happy where I am, but it’s great to see recruiters going after GIAC certified professionals.” - Agnel D’Silva, IT Administrator, City of Danville, IL

Christopher Haller

SANS.edu Graduate Certificate Student Wins National Cyber League Championship

Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. See why he chose to pursue a graduate certificate at SANS.edu — and learn about his career path from the US Navy to his current role as Principal Security Consultant at Omada Technologies.

Read More

Course Delivery Options

Your mind has no borders. Why should your college? Our online and in-person course options are designed to fit your life and how you like to learn.
370x200_modalities2.jpg
OnDemand
Our most flexible option gives you 24/7 access to online courses recorded by top cybersecurity practitioners. You can rewind and repeat content, including hands-on labs, quizzes, and exercises.
370x200_modalities3.jpg
Live Online
Study from home — and save on travel and lodging expenses — through live, interactive scheduled online courses with SANS instructors and hands-on labs in a virtual environment.
370x200_modalities.jpg
In-Person
Immersive weeklong courses with hands-on labs are held across the country and around the world throughout the year. Meet fellow students and instructors and have the chance to attend special events, NetWars, vendor presentations, and more.

“You get a lot of personal attention to get through the program because of the student advisors. They are the foundation of the SANS.edu experience.” - Christopher Hurless, Systems Engineer, Northwestern University in Qatar

Join us for a free online info session to learn more.

See All Info Sessions
470x382_-_veteran.jpg

This Program is DoD 8140 Approved

If you're a Department of Defense (DoD) employee or contractor who wants to earn a career-focused cybersecurity degree or certificate, our DoD 8140 approved college programs can open new doors of opportunity.

US Department of Defense 8140 Cyber Workforce Qualification Program
DoD 8140 establishes baseline standards for qualifications that directly support operational needs and workforce readiness. All DoD personnel assigned to positions requiring the performance of cyberspace work are affected by DoD 8140.

  • Service members
  • DoD civilian employees (including non-appropriated fund employees)
  • Contractors
  • Foreign nationals
Learn more about DoD 8140
470x382_STI_Masters_Degree_Tuition.jpg

Tuition

Total program cost: $22,800 USD

Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

Get the Credit You Deserve
Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



Request Info Apply Now
TuitionPaymentProgram.png

Fund Your SANS.edu Program in Monthly Installments with No Interest

For students who are U.S. citizens or permanent residents — and don’t use employer education benefits or veterans’ education benefits to fund their SANS.edu program — we offer a Tuition Payment Program (TPP) that enables eligible you to spread out the cost of your program in monthly installments with no interest.

Learn More
Employer_Education_Benefits_vb_470x382.png

Finance your education, build new skills, and add value for your company — using your employer-sponsored education benefits.

If you want to get the best education in cybersecurity while you work, and your organization offers education benefits, let them help you take your next step. SANS.edu cybersecurity degree and certificate programs are designed for working professionals, and your employee benefits package may help cover the cost of pursing your goals.
Learn More

Funding Options

370x200_STI_Masters_Funding_Options.jpg
Pay Per Course
Students pay tuition per course which allows you the financial flexibility to pay smaller amounts as you go.
370x200_STI_Masters_Funding_Options2.jpg
Employer Assistance
Because we are regionally accredited, our tuition is eligible for most employer-sponsored education benefit programs.
 Learn More
370x200_STI_Masters_Funding_Options3.jpg
VA Education Benefits
All SANS.edu programs are eligible for US and Canadian Veterans Education Benefits.
 Learn More
370x200_STI_Masters_Funding_Options4.jpg
Tuition Payment Program (TPP)
Eligible graduate students can spread out the cost of their program in monthly installments with no interest.
 Learn More
Federal Education Funding Options Logo
Education Benefits for Federal Employees
All SANS.edu programs are eligible for the education benefits available to US Federal Government employees.
 Learn More
370x200_STI_Masters_Funding_Options5.jpg
SANS Voucher
If you’d like to use a SANS Universal Voucher Account, confirm with your voucher administrator that course tuition is an eligible expense.
 Learn More
370x200_Canadian_Funding_Options.jpg
Canadian Funding Options
All SANS.edu programs are eligible for the Ontario Student Assistance Program (OSAP) and Canadian veterans’ education benefits.
 Learn More
External_Cybersecurity_ Scholarships-370x200.png
External Cybersecurity Scholarships
Explore independent cybersecurity scholarships administered outside of SANS.edu.
 Learn More

Questions?

We're happy to help. Email info@sans.edu or call 301.241.7665.
Request Info Apply Now

About the SANS Technology Institute

Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education

(1007 North Orange Street, 4th Floor, MB #166, Wilmington, DE 19801 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.