Certification: Overview


Currently, SANS penetration testing courses are associated with seven highly sought-after GIAC certifications: GCIH, GMOB, GPEN, GAWN, GWAPT, GPYC, and GXPN. Each of these certifications indicate a holder processes the technical expertise and has mastered the process components vital to implementation and execution of information security best practices.

GIAC Assessing and Auditing Wireless Networks (GAWN)

The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate. Read More

GIAC Certified Incident Handler (GCIH)

Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. The GCIH certification focuses on detecting, responding, and resolving computer security incidents. Read More

GIAC Mobile Device Security Analyst (GMOB)

Mobile phones and tablets continue to demonstrate their usefulness and importance in enterprises and government offices. With the amount of sensitive data that can be accessed on these devices and their lack of security, mobile devices are enticing targets for nefarious attackers.

The GMOB ensures that the people charged with protecting systems and networks know how to properly secure the mobile devices accessing vital information. Read More

GIAC Penetration Tester (GPEN)

The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test. Read More

GIAC Python Coder (GPYC)

A professional that can create and modify custom tools is a valuable member of any information security team. Code developers with information security skills can customize tools to their environment, create tools for the information security community, increase productivity by automating previously manual tasks, simulate advanced attacks, and more. The GPYC certification focuses on applying core programming concepts and techniques to the Python programming language. The certification has a special focus on skills and techniques that will assist an information security professional in penetration tests, daily work, and special projects. Certified individuals can create simple Python-based tools to interact with network traffic, create custom executables, test and interact with databases and websites, and parse logs or sets of data. Read More

GIAC Web Application Penetration Tester (GWAPT)

Web applications one of the most significant points of vulnerability in organizations today. Most organizations have them (both web applications and the vulnerabilities associated with them). Web app holes have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. The number of computers compromised by visiting web sites altered by attackers is too high to count. This certification measures and individuals understanding of web application exploits and penetration testing methodology. Check your web applications for holes before the bad guys do. Read More

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Security personnel whose job duties involve assessing target networks, systems and applications to find vulnerabilities. The GXPN certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, how to model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws. Read More