Black Hat is partnering with The SecOps Group to launch an independent exam track at next month's Black Hat USA conference.
The exam track will allow attendees to sign up for a certification exam, called Black Hat Certified Pentester (BCPen), to demonstrate specific, real-world knowledge of penetration testing. “We are aiming to provide an authentic and credible certification that is up-to-date and represents real-life business risks,” says Sumit "Sid" Siddharth, CEO of The SecOps Group.
Other certification exams may be added to the track in the future.
The BCPen exam covers a wide variety of topics across the application and infrastructure security domains, such as network pen testing, Active Directory pen testing, Web and API pen testing, and Linux and cloud security topics, says Siddharth. According to the Black Hat website, the practical exam will be split into two parts, with the Web Hacking and Infrastructure Hacking sections carrying equal weight.
Attendees will be expected to demonstrate their practical knowledge of pen testing by identifying and exploiting security vulnerabilities in a hack-lab environment set up to mimic real-life scenarios. The exam will follow the format of a capture-the-flag hackathon. Exam candidates will need to capture flags as they proceed through the "course," identify various vulnerabilities, and define mitigation strategies.
The exam, categorized at an intermediate level, is suitable for candidates with two-plus years of professional experience in pen testing or bug bounty hunting, Siddharth says.
Attendees must bring their own laptops and can use any hacking tools of their choice to accomplish the exam's required tasks. The seven-hour practical exam will be available once a day (starting at 9 a.m. PT) during Black Hat USA in Las Vegas, Aug. 5-8.