GIAC Penetration Tester (GPEN)
Global Information Assurance Certification (GIAC)
Expires: 2029-03-31
The GIAC Penetration Tester (GPEN) certification validates a practitioner’s ability to properly conduct a penetration test, using best practice techniques and methodologies.
GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects.
Target Audience
The GPEN certification is designed for:
- Security personnel who assess networks and systems for vulnerabilities
- Penetration testers
- Ethical hackers
- Red team members
- Offensive security professionals
- Security auditors and consultants
Skills Tested
The GPEN exam covers:
- Comprehensive pen test planning, scoping, and recon
- In-depth scanning and exploitation
- Password attacks and web application testing
- Post-exploitation and pivoting techniques
- Detailed penetration test reporting
Exam Format
- Questions: 82 questions
- Duration: 3 hours
- Passing Score: 75%
- Format: Open-book, web-based, proctored
Certification Maintenance
- GIAC certifications are valid for four years
- Certification holders must submit 36 CPEs for renewal
- Alternative: Retake the current exam
Related Training
The official SANS course SEC560: Enterprise Penetration Testing directly maps to GPEN. This course provides comprehensive coverage of penetration testing techniques and methodologies used by professional penetration testers.