Graduate Certificate Programs: Pen Testing & Ethical Hacking

Graduate Certificate Programs: Pen Testing & Ethical Hacking

Graduate Certificate Program in
Penetration Testing & Ethical Hacking

Designed for working InfoSec and IT professionals, the graduate certificate in Penetration Testing & Ethical Hacking is a highly technical 13-credit-hour program focused on developing your ability to discover, analyze, and understand the implications of information security vulnerabilities in systems, networks, and applications in order to identify solutions before others exploit these flaws.

In this hands-on graduate program, you’ll begin with a foundational course, progress through three advanced courses, and have the opportunity to test real-world techniques in NetWars Continuous, a graded, online range exercise.

A 100% online option is available.

Applications are accepted monthly. Learn more.

Join Us for a Free Online Info Session

Overview of Graduate Programs
Thursday, August 12, 1:00 pm (ET)
Register here.

Cybersecurity Management Graduate Certificate
Featuring SANS Fellows David Hoelzer and Frank Kim
Thursday, August 26, 5:30 pm (ET)
Register here.

Learn How To

  • Conduct vulnerability scanning and exploitation of various systems and applications using a careful, documented methodology to provide explicit proof of the extent and nature of IT infrastructure risks, conducting these activities according to well-defined rules of engagement and a clear scope.
  • Provide documentation of activities performed during testing, including all exploited vulnerabilities and how those vulnerabilities were combined into attacks to demonstrate business or institutional risk.
  • Produce an estimated risk level for a given discovered flaw by using the amount of effort the team needed to expend in penetrating the information system as an indicator of the penetration resistance of the system.
  • Provide actionable results with information about possible remediation measures for the successful attacks performed.

Curriculum | 13 credit hours

Click on each course title for a full description.

Core Courses | 10 credit hours:
ISE 5201: Hacker Tools, Techniques, Exploits, & Incident Handling |   SEC 504, GCIH

Content: SANS SEC 504 Hacker Techniques, Exploits & Incident Handling
Assessment: GIAC GCIH Exam
3 Credit Hours

By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, exam, and NetWars simulation are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

ISE 6315: Web App Penetration Testing and Ethical Hacking  |  SEC 542, GWAPT

Content: SANS SEC 542 Web App Penetration Testing and Ethical Hacking
Assessment: GIAC GWAPT Exam
3 Credit Hours

ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

ISE 6320: Network Penetration Testing and Ethical Hacking  |  SEC 560, GPEN

Content: SANS SEC 560 Network Penetration Testing and Ethical Hacking
Assessment: GIAC GPEN Exam
3 Credit Hours

ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.

ISE 6300: Certificate Program Capstone | Core NetWars Continuous

Content: Core NetWars Continuous
1 Credit Hour

NetWars Continuous is an online training program that guides students through hands-on lessons to locate vulnerabilities, exploit diverse machines, and analyze systems. NetWars provides a forum to test and perfect cyber security skills in a manner that is legal and ethical. Students will face challenges derived from real-world environments and actual attacks that businesses, governments, and military organizations must deal with every day.

Elective Course | 3 credit hours:

Students select one of the following courses.

ISE 6325: Mobile Device Security & Ethical Hacking |  SEC 575, GMOB

Content: SANS SEC 575 Mobile Device Security and Ethical Hacking
Assessment: GIAC GMOB Exam
3 Credit Hours

ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping then with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

ISE 6330: Wireless Penetration Testing & Ethical Hacking |  SEC 617, GAWN

Content: SANS SEC 617 Wireless Ethical Hacking, Penetration Testing, and Defenses
Assessment: GIAC GAWN Exam
3 Credit Hours

ISE 6330 takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, students will navigate through the techniques attackers use to exploit WiFi networks, Bluetooth devices, and a variety of other wireless technologies. Using assessment and analysis techniques, this course will show students how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

ISE 6350: Automating Information Security with Python  |  SEC 573, GPYC

Content: SANS SEC 573 Automating Information Security with Python
Assessment: GIAC GPYC Exam
3 Credit Hours

The ISE 6350 course teaches student in the pen testing specialization, and other students who want to use the Python programming language, how to enhance their overall effectiveness during information security engagements. Students will learn how to apply core programming concepts and techniques learned in other courses through the Python programming language. The course teaches skills and techniques that can enhance an information security professional in penetration tests, security operations, and special projects. Students will create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

ISE 6360: Advanced Penetration Testing, Exploit Writing, & Ethical Hacking |  SEC 660, GXPN

Content: SANS SEC 660 Advanced Penetration Testing, Exploits, and Ethical Hacking
Assessment: GIAC GXPN Exam
3 Credit Hours

ISE 6360 builds upon ISE 6320 - Network Penetration Testing and Ethical Hacking. This advanced course introduces students to the most prominent and powerful attack vectors, allowing students to perform these attacks in a variety of hands-on scenarios.

ISE 6630: Cloud Penetration Testing |  SEC 588, GCPN

Content: SANS SEC 588 Cloud Penetration Testing
Assessment: GIAC GCPN Exam
3 Credit Hours

ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

  • "I firmly believe, had it not been for SANS, my career would not be what it is today. My SANS education has enabled me to compete on a completely new level and given me the chance to network with industry greats."

    Steven Romero
    Engineer, Chevron

  • "What I learned in the graduate certificate program made the difference in landing my dream job. I was promoted from an audit/compliance role to a more offensive-focused security role within my organization."

    Jake Miller
    Penetration Tester, Charles Schwab

  • "My career advanced at a rate not achievable through other graduate programs. Earning a graduate certificate in pen testing from SANS, and the GIAC certifications along with it, gave me an edge - and opportunities."

    Terry Holman
    CI/KR Advisor, TeamWorx Security

The SANS Technology Institute Advantage

Online and In-Person Study Options

Flexibility for Working Professionals

  • Monthly admissions windows mean you can start on your schedule and earn the graduate certificate in roughly two years.

Credentials that Showcase Your Skills

  • Earn industry-recognized GIAC certifications that validate your skill set in critical, specialized areas of InfoSec.

World-class Faculty

Pathway to a Master's Degree

  • Credits earned in the certificate program may be applied directly toward the master's degree program should you later apply and be accepted.

Success Stories

Video gaming was the start of what would lead to Jeff Sass's decades-long career at Adobe.

Discover why he chose to pursue 3 graduate certificates at — and how the experience helped him win a promotion to manager.

Read Jeff’s story and other profiles here.

Quick Links

Admissions Deadlines & Application Requirements
Tuition & Options for Funding


We're happy to help.
Email or call (301) 241-7665.