
Graduate Certificate Programs: Penetration Testing & Ethical Hacking

Designed for working InfoSec and IT professionals, the graduate certificate in Penetration Testing & Ethical Hacking is a highly technical program focused on developing your ability to discover, analyze, and understand the implications of information security vulnerabilities in systems, networks, and applications, so you can identify solutions before adversaries exploit these flaws.

Format Option: A 100% online option is available
Courses: 4
Capstone: 1
GIAC Certifications: 4
Credits: 13
Duration: 18-24 months
Total Program Cost: $23,375

The SANS.edu Advantage


GIAC Certifications

Earn 4 industry-recognized GIAC cybersecurity certifications.


100% Online Option Available

You have the option of completing the program through live or rewindable online courses.


World-class Faculty

Learn the latest skills and techniques from the world's top cybersecurity practitioners.


Pathway to a Master’s Degree

All credits earned in this program can transfer into our master’s degree program.


SANS.edu Academic Pricing

Get SANS.edu academic pricing on SANS courses and GIAC certifications.


Powerful Network

Make connections with some of the most talented students and teachers in the industry.


“My career advanced at a rate not achievable through other graduate programs. Earning a graduate certificate in pen testing from SANS, and the GIAC certifications along with it, gave me an edge — and opportunities.” - Terry Holman, CI/KR Advisor, TeamWorx Security


Join us for a free online info session to learn more.

Learn How To:

    • Conduct vulnerability scanning and exploitation of various systems and applications using a careful, documented methodology to provide explicit proof of the extent and nature of IT infrastructure risks, conducting these activities according to well-defined rules of engagement and a clear scope.
    • Provide documentation of activities performed during testing, including all exploited vulnerabilities and how those vulnerabilities were combined into attacks to demonstrate business or institutional risk.
    • Produce an estimated risk level for a given discovered flaw by using the amount of effort the team needed to expend in penetrating the information system as an indicator of the penetration resistance of the system.
    • Provide actionable results with information about possible remediation measures for the successful attacks performed.

Curriculum | 13 Credit Hours

In this hands-on program, you’ll begin with a foundational course, progress through 3 advanced courses, and test real-world techniques with Jupiter Rockets, an in-depth offensive simulation for pen testers and red teamers.

Required Core Courses | 6 credit hours

  • SANS Course: SEC504: Hacker Tools, Techniques, and Incident Handling
    Certification: GIAC Certified Incident Handler (GCIH)

    3 Credit Hours

    By adopting the viewpoint of a hacker, ISE 5201 provides an in-depth focus into the critical activity of incident handling. Students are taught how to manage intrusions by first looking at the techniques used by attackers to exploit a system. Students learn responses to those techniques, which can be adopted within the framework of the incident handling process to handle attacks in an organized way. The faculty instruction, lab exercises, and exam are coordinated to develop and test a student's ability to utilize the core capabilities required for incident handling.

  • SANS Course: SEC560: Network Penetration Testing and Ethical Hacking
    Certification: GIAC Penetration Tester (GPEN)

    3 Credit Hours

    ISE 6320 prepares students to conduct successful penetration testing and ethical hacking projects. The course starts with proper planning, scoping and recon, and then dives deep into scanning, target exploitation, password attacks, and wireless and web apps with detailed hands-on exercises and practical tips for doing the job safely and effectively. Students will participate in an intensive, hands-on Capture the Flag exercise, conducting a penetration test against a sample target organization.

Specialization Elective Courses | 3 credit hours

Students select one of the following courses.

  • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
    Certification: GIAC Web Application Penetration Tester (GWAPT)

    3 Credit Hours

    ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

  • SANS Course: SEC575: Mobile Device Security and Ethical Hacking
    Certification: GIAC Mobile Device Security Analyst (GMOB)

    3 Credit Hours

    ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping them with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

  • SANS Course: SEC588: Cloud Penetration Testing
    Certification: GIAC Cloud Penetration Tester (GCPN)

    3 Credit Hours

    ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

    Students will be able to:

    • Conduct cloud-based penetration tests
    • Assess cloud environments and bring value back to the business by locating vulnerabilities
    • Understand how cloud environments are constructed and how scale factors into the gathering of evidence
    • Assess security risks in Amazon and Microsoft Azure environments

Additional Elective | 3 credit hours

Students select one of the following courses.

  • SANS Course: SEC542: Web App Penetration Testing and Ethical Hacking
    Certification: GIAC Web Application Penetration Tester (GWAPT)

    3 Credit Hours

    ISE 6315 is a highly technical information security course in offensive strategies where students learn the art of exploiting Web applications so they can find flaws in enterprise Web apps before they are otherwise discovered and exploited. Through detailed, hands-on exercises students learn the four-step process for Web application penetration testing. Students will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. They then utilize cross-site scripting attacks to dominate a target infrastructure in a unique hands-on laboratory environment. Finally students explore various other Web app vulnerabilities in-depth with tried-and-true techniques for finding them using a structured testing regimen.

  • SANS Course: SEC575: Mobile Device Security and Ethical Hacking
    Certification: GIAC Mobile Device Security Analyst (GMOB)

    3 Credit Hours

    ISE 6325 helps students resolve their organization's struggles with mobile device security by equipping them with the skills needed to design, deploy, operate, and assess a well-managed secure mobile environment. From practical policy development to network architecture design and deployment, and mobile code analysis to penetration testing and ethical hacking, this course teaches students to build the critical skills necessary to support the secure deployment and use of mobile phones and tablets in their organization.

  • SANS Course: SEC617: Wireless Penetration Testing and Ethical Hacking
    Certification: GIAC Assessing and Auditing Wireless Networks (GAWN)

    3 Credit Hours

    ISE 6330 takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, students will navigate through the techniques attackers use to exploit WiFi networks, Bluetooth devices, and a variety of other wireless technologies. Using assessment and analysis techniques, this course will show students how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

  • SANS Course: SEC573: Automating Information Security with Python
    Certification: GIAC Python Coder (GPYC)

    3 Credit Hours

    The ISE 6350 course teaches students in the pen testing specialization, and other students who want to use the Python programming language, how to enhance their overall effectiveness during information security engagements. Students will learn how to apply core programming concepts and techniques learned in other courses through the Python programming language. The course teaches skills and techniques that can enhance an information security professional's work in penetration tests, security operations, and special projects. Students will create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data.

  • SANS Course: SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
    Certification: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

  • SANS Course: SEC588: Cloud Penetration Testing
    Certification: GIAC Cloud Penetration Tester (GCPN)

    3 Credit Hours

    ISE 6630 dives into the latest in penetration testing techniques focused on the cloud, how to assess cloud environments, as well as other new topics that appear in the cloud like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The course also specifically covers Azure and AWS penetration testing, which is particularly important given that Amazon Web Services and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies, but rather to teach you how to assess and report on the true risk that the organization could face if these services are left insecure.

    Students will be able to:

    • Conduct cloud-based penetration tests
    • Assess cloud environments and bring value back to the business by locating vulnerabilities
    • Understand how cloud environments are constructed and how scale factors into the gathering of evidence
    • Assess security risks in Amazon and Microsoft Azure environments

Capstone | 1 credit hour

  • 1 Credit Hour

    This capstone is an in-depth offensive simulation in which students will evaluate the security of an entire enterprise in an open world challenge that looks and feels like a real penetration test. With an extensive set of modern targets on various enterprise network segments, students are tested on the knowledge they have acquired in the program.


Study with the best faculty in cyber security


“SANS courses are fully aligned to what is happening in the industry. Course materials are continuously updated based on new developments in cybersecurity. It is rigorous, challenging, and relevant.” - Karim Lalji, Managing Security Consultant, TELUS

Success Stories

Course Delivery Options

Complete any of our cybersecurity degree or certificate programs by taking courses that are 100% online or that start with weeklong in-person events held across the country and around the world. Or you can do a mix of both.

Tuition

Total program cost: $22,000

Tuition includes the cost of the course, textbooks, and certification tests that serve as mid-term or final exams for courses.

Get the Credit You Deserve
Students who have taken SANS training classes and have active GIAC certifications may be able to waive one course and GIAC certification into the program. See our waiver policy.



Funding Options


Questions?

We're happy to help. Email info@sans.edu or call 301.241.7665.

About the SANS Technology Institute

Founded in 2005, the SANS Technology Institute (SANS.edu) is the independent, regionally-accredited, VA-approved subsidiary of SANS, the world's largest and most trusted provider of cybersecurity training, certification, and research. Offering graduate and undergraduate programs at the cutting edge of cybersecurity, SANS.edu is strengthening the cyber workforce through a career-focused curriculum built on proven SANS courses and industry-recognized GIAC certifications.

The SANS Technology Institute is accredited by The Middle States Commission on Higher Education (3624 Market Street, Philadelphia, PA 19104 - 267.284.5000), an institutional accrediting agency recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation.