Save $350 on Cyber Security Training at SANS Anaheim 2019. Ends 12/19!
 

Penetration Testing Courses

SANS' Pen Test Training Courses are created to help professionals deliver high-value pen tests. Here's what you can expect from the SANS Pen Test Curriculum:

  • Different platforms - Take a network, web app, mobile or wireless Pen Test course.
  • A comprehensive curriculum - SANS Pen Test Curriculum spans beginner, advanced and specialist pen test skillsets.
  • Cutting edge - SANS updates and refreshes Pen Test Training content regularly.
  • Built by experts - All training content is created by a panel of pen test experts.
  • Expert Instructors - SANS Pen Test Instructors who deliver training are globally respected, real-world practitioners.
  • Extensive courseware - Students receive a library of books and resources.
  • Flexible access - SANS offers different training methods.

Founded over 25 years ago, SANS now counts Fortune 500 enterprises, government departments and military bodies among its growing list of partners. We operate across more than 30 countries and have over 125,000 alumni.

Click here to jump to our full Pen Test course list

Why Choose A SANS Penetration Testing Course?

SANS' Pen Test Training Courses are developed by professionals who have earned their stripes on the discipline's front line. Our Courses are focused on equipping students with the technical skills, knowledge and tools they need to make a difference, as soon as they get back to the office.

SANS Training is hands on. Courses feature in-depth lab experiments, simulations, cryptographic challenges and war games.

These encompass:

  • Modelling activities of real-world attackers
  • Finding vulnerabilities in target systems
  • Exploiting them under controlled circumstances
  • Determining and documenting business risk
  • Applying technical excellence
  • Working in a professional, safe fashion according to a carefully designed scope and rules of engagement
  • Helping an organisation prioritise their resources in improving its security stance

The purpose of this practical work is to practice, drill and test the knowledge that's been learned.

SANS provides the Pen Test community with free posters and downloads on our Pen Test Resources page.

Training Delivery

SANS offer a menu of training options. These include learning in a classroom-like environment at a Training Event, with a dedicated Instructor. These events offer the chance to secure a SANS Coin.

Alternatively students can take SANS Online Training. This option allows students to work in their own time, either at home or in the office.

Finally, for organisation that has over 25 students to train, we can deliver SANS Private Training. Here a SANS Instructor delivers training directly to staff, in their HQ or office.

Read what previous SANS Pen Test students thought about their training on our Testimonials page.

Penetration Testing Courses

Certification

Many of our Pen Test Courses align with GIAC Certifications. Achieving a GIAC Pen Test Certification offers many benefits.

For employers it ensures staff possess cutting edge skills. For professionals, GIAC Certification can support career progression.

Courseware

Depending upon the course taken, Courseware can include:

  • Textbooks - The textbooks, like the SANS Courses they complement, are regularly updated by our Pen Test experts.
  • A tool set - If we explore a specific open source tool in class, we'll ensure students receive a copy. If there are licencing restrictions we'll ensure, at a minimum, students receive a trial version.
  • Posters - To help make complex processes and concepts more digestible, SANS creates visual wall charts. They cover tips, tricks, tools, resources, and useful references.
  • Virtualised resources - Where a course features it, students leave with a custom VM full of pen testing tools. The aim is to equip practitioners with the resources to carry out their own tests.
  • Test subjects - Specimen software, apps and products to experiment on.
  • Course audio - Access to audio files that hammer home important advice.

SANS Penetration Training Courses

SANS offers twelve distinct courses in this curriculum, covering different strands of the discipline. These courses fall into three categories - Core, Advanced and Specialist. For any questions relating to training please see our FAQs page.

SANS Core Pen Test Courses

For people new to cyber security who want to specialise in pen testing our Pen Test curriculum starts with SEC301, a course designed to teach information security's fundamentals.

From there students can move on to SEC401 - a practical, bootcamp style course designed to help defenders prevent attacks and detect adversaries.

SEC504 puts the bad guy's tactics and techniques under the microscope. It proves invaluable insight into finding vulnerabilities and discovering intrusions. By its very nature, SEC504 is aligned with criminals' latest tactics, technologies and exploits.

SANS Advanced Pen Test Courses

SANS offers a menu of courses that focus on testing and securing different technologies. For example, SEC560 explores network testing. Our SEC561 course builds on this curriculum, offering intensive, hands-on Pen Test training.

SEC562 is SANS' unique CyberCity course. CyberCity is a programme built around a fully wired, connected and scaled model of a modern city. The course teaches students how to attack and defend the city's logical and digital infrastructure.

SEC575 lasers in on mobile device security, while SEC542 tackles web app pen testing.

Developers and defenders who specialise in Python may like to explore SEC573. This course looks at how their skills can be used to aid pen testing missions.

All these courses are full of practical, real world knowledge. They explore how important tools work, and how to conduct tests in a professional and safe manner.

SANS Specialist Pen Test Courses

For students who have existing pen testing experience - or have completed SEC560 - SANS offers SEC660. This heavyweight course explores, among other topics, how today's dominant network protocols, operating systems, and cryptographic practices can be exploited.

SEC760 is one of SANS' most technically demanding courses. It tackles exploit development for pen testers. It teaches students how to write their own white-hat exploits after researching an attack surface. This might be by reverse engineering applications, kernel debugging or though patch analysis.

SEC617 is our specialist course that focuses on wireless hacking, pen test technique, and defence.

Along with networking, apps are becoming a popular business necessity. SEC642 teaches students how criminals approach attacking apps and what can be learned from their techniques.

Penetration Testing Curriculum
Course Certification
Level 1 SEC301: Introduction to Cyber Security GISF
Level 2 SEC401: Security Essentials Bootcamp Style GSEC
SEC460: Enterprise Threat and Vulnerability Assessment
Level 3 SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling GCIH
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception
Level 4 SEC542: Web App Penetration Testing and Ethical Hacking GWAPT
SEC560: Network Penetration Testing and Ethical Hacking GPEN
SEC562: CyberCity Hands-on Kinetic Cyber Range Exercise
SEC564: Red Team Operations and Threat Emulation
SEC567: Social Engineering for Penetration Testers
SEC573: Automating Information Security with Python GPYC
SEC575: Mobile Device Security and Ethical Hacking GMOB
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
Level 5 SEC617: Wireless Penetration Testing and Ethical Hacking GAWN
SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking GXPN
Level 6 SEC760: Advanced Exploit Development for Penetration Testers
Training Events Offering Penetration Testing Courses
Event Dates Register
SANS Amsterdam January 2019 Jan 14 - Jan 19, 2019  
SANS Threat Hunting London 2019 Jan 14 - Jan 19, 2019  
SANS Dubai January 2019 Jan 26 - Jan 31, 2019  
SANS SEC504 Stuttgart 2019 (In English) Feb 04 - Feb 09, 2019  
SANS London February 2019 Feb 11 - Feb 16, 2019  
SANS Zurich February 2019 Feb 18 - Feb 23, 2019  
SANS Riyadh February 2019 Feb 23 - Feb 28, 2019  
SANS Brussels February 2019 Feb 25 - Mar 02, 2019  
SANS London March 2019 Mar 11 - Mar 16, 2019  
SANS Munich March 2019 Mar 18 - Mar 23, 2019  
SANS SEC504 Paris March 2019 (in French) Mar 18 - Mar 23, 2019  
SANS Jeddah March 2019 Mar 23 - Mar 28, 2019  
SANS Madrid March 2019 Mar 25 - Mar 30, 2019  
SANS SEC560 Paris March 2019 (in French) Mar 25 - Mar 30, 2019  
SANS Cyber Security Middle East Summit Apr 04 - Apr 11, 2019  
SANS London April 2019 Apr 08 - Apr 13, 2019  
SANS Riyadh April 2019 Apr 13 - Apr 18, 2019  
SANS Muscat April 2019 Apr 27 - May 02, 2019  
SANS Stockholm May 2019 May 13 - May 18, 2019  
SANS Dublin May 2019 May 13 - May 18, 2019  
SANS Amsterdam May 2019 May 20 - May 25, 2019  
SANS Krakow May 2019 May 27 - Jun 01, 2019  
SANS London June 2019 Jun 03 - Jun 08, 2019  
SANS Munich July 2019 Jul 01 - Jul 06, 2019  
SANS London July 2019 Jul 08 - Jul 13, 2019  
SANS Pen Test Hackfest Europe 2019 Jul 22 - Jul 28, 2019  
SANS Prague August 2019 Aug 12 - Aug 17, 2019  
SANS Amsterdam August 2019 Aug 19 - Aug 24, 2019  
SANS Copenhagen August 2019 Aug 26 - Aug 31, 2019  
SANS Munich September 2019 Sep 02 - Sep 07, 2019  
SANS Brussels September 2019 Sep 02 - Sep 07, 2019  
SANS London September 2019 Sep 23 - Sep 28, 2019  
Online Training: SANS OnDemand
Event Dates Register
SEC301: Introduction to Cyber SecurityAnytime  
SEC401: Security Essentials Bootcamp StyleAnytime  
SEC504: Hacker Tools, Techniques, Exploits, and Incident HandlingAnytime  
SEC542: Web App Penetration Testing and Ethical HackingAnytime  
SEC560: Network Penetration Testing and Ethical HackingAnytime  
SEC617: Wireless Penetration Testing and Ethical HackingAnytime  
SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical HackingAnytime  
Private Training
Event Dates Register
Private Training Course of Your Choice Your Choice  
 
Latest Whitepapers

Don't Knock Bro
By Brian Nafziger

Automating Detection and Response: A SANS Review of Swimlane
By Alissa Torres

Protecting Data To, From and In the Cloud
By Dave Shackleford

Last 25 Papers »

Latest Tweets @SANSEMEA

Discover the five most dangerous new attack techniques. Ho [...]
December 16, 2018 - 10:23 AM

FOR610: Reverse-Engineering Malware: Malware Analysis Tool [...]
December 15, 2018 - 5:50 PM

' We narrow it down to the 20 top coolest careers in #InfoS [...]
December 14, 2018 - 3:54 PM

Contact Us

Mon-Fri 9am-5pm BST/GMT
Tel +44 203 384 3470
emea@sans.org

"SANS courses are very comprehensive & well run. Really enjoy the content."
- Michael Daley, Cardiff University

"SANS has made me question my own beliefs. I will be challenging colleagues and strategies when I return to work."
- Anthony Usher, HMRC

"Intense. Nothing can prepare you for learning from a true master of their art"
- Craig Aitchison, Betfair