Offensive Security Certified Professional is an ethical hackingcertification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.
OSCP course
The course leading up to the OSCP certification was first offered in 2006 under the name "Offensive Security 101". Students expecting a 101 course were not prepared for the level of effort the course requires, so the name was changed to "Pentesting With BackTrack" in December 2008, and again to "Penetration Testing With Kali Linux" when the BackTrack distribution was rebuilt as Kali. The course covers common attack vectors used during penetration tests and audit. The course is offered in two formats, either online or live "instructor led" classes. The online course is a package consisting of videos, a PDF, lab assignments and lab access. The instructor led course is intensive live training covering the same material, also with lab access. The labs are accessible via a high speed internet connection, and contain a variety of operating systems and network devices where the students perform their assignments.
OSCP challenge
Upon completion of the course students become eligible to take the certification challenge. They are given 24 hours in an unfamiliar lab to successfully complete the exam requirements. Documentation must include procedures used and proof of successful penetration including special marker files that are changed per exam. Exam results are reviewed by a certification committee and a reply is given within 10 business days.
Recertification
The OSCP does not require recertification.
Relations to other security trainings or exams
Successful completion of the OSCP exam qualifies the student for 40 ² CPE credits. In 2015, the UK's predominant accreditation body for penetration testing, CREST, began recognising OSCP as equivalent to their intermediate level qualification CREST Registered Tester.
Reception
In "White Hat Hacker - a popular job," on how to find white hat hackers, IT Daily listed Offensive Security Certified Professional as one of three "key qualifications." The other two were Certified Ethical Hacker, and Global Information Assurance Certifications. In "Kali Linux: A toolbox for pentest," JM Porup called OSCP certification "coveted" because it required passing a difficult 24-hour exam demonstrating hacking. In a press release on a new chief operating officer for a security services company, the company's use of OSCP professionals was described as a strength. In "The Ultimate Guide To Getting Started With Cybersecurity" Vishal Chawla of Analytics India Mag recommended OSCP as one of two "well known" security certifications. In an interview of Offensive Security CEO Ning Wang, Adam Bannister of The Daily Swig discussed a "major update" to "Penetration Testing with Kali Linux " training course, which leads to OSCP certification for students who pass the final exam. The training updates were discussed in detail in helpnet security. In The Basics of Web Hacking: Tools and Techniques to Attack the Web, Josh Pauli called OSCP "highly respected." Cybersecurity Education for Awareness and Compliance gave a syllabus outline of the training course for OSCP. In Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, co-author Christopher Hadnagy listed OSCP as one of his qualifications. Certified Ethical Hacker Foundation Guide listed OSCP as one of two certifications by Offensive Security for a "Security Testing Track." Sicherheit von Webanwendungen in der Praxis also included OSCP in a list of recommended certifications. Building a Pentesting Lab for Wireless Networks called Offensive Security training "practical and hands-on" and said they were "most recommended." In "The Information Security Undergraduate Curriculum: Evolution of a Small Program" Lionel Mew of University of Richmond said 35% of Information security jobs require certifications, and described OSCP as a "popular certification." "Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance" called OSCP an "advanced certification" and one of "a select few" requiring hands-on penetration skills demonstrations.