I am looking to start up a Pentesting section for an existing IT business and am trying to get as much info as I can.
I have some experience with basic principles, programs, procedures, laws etc, and have been testing myself on my own network and friends (with their permission, and agreement to help secure it for a beer or two).
I having been looking around at making more of this and would like to aim for a certification to move myself on. This is where I have been getting confused. The cert that seemed to me to be the one best suited to me was the GIAC GPEN cert. Whats the general opinion (if there is any) on this cert as a whole?
Also any other Certs that are considered industry standard?
Finally one more noob query that I realise might go unanswered but Even an new idea would be nice. Another group I am part of have been helping me with learning as much as I can and are now starting to challenge me. One of the members has set up what he considers a pretty secure network, and while I know that I could get in if I was within wireless range of him I have seriously lost the plot trying to do it from 1000 miles away. He has given me some clues, what security he is using etc. But i can't even get a port scan out of it.
To be honest the thing i am most interested in is the cert. The other bit is more of a i-cant-think-of-anything-and-this-brick-wall-is-starting-to-hurt-my-head question.
The EC Councils CEH certification is also quite well known, but I have my doubts about the quality of the cert. From how it sounds, the CEH is just a test that covers your ability to remember lots and lots of hacking tools. There is also another couple of certs available from the EC Council I think, which cover some other aspects of the process. Those other certs are not that well known.
There is also a company in Australia called Pure Hacking who offer another cert which is based on the OSSTM (link below). I dont think its that well known either. EDIT - This is actually an ISECOM certification, Pure Hacking is just the training and certification provider in Australia. There are others in Europe and the US.
Training- Pure Hacking