CompTIA recently upgraded its PenTest+ certification program to educate professionals on cybersecurity penetration testing with training for artificial intelligence (AI), scanning and analysis, and vulnerability management, among other things.
PenTest+ certification training now includes access to a hackable website that provides live targets and vulnerabilities for cybersecurity professionals to identify and mitigate real-world threats, according to CompTIA. The certification course will validate that cybersecurity professionals have knowledge and skills in “penetration testing, vulnerability assessment, mitigation, reporting, and other responsibilities that proactively protect cybersecurity resources,” CompTIA said in a statement.
Cybersecurity penetration testing, or pen testing, involves a security assessment in which a security professional acts like a malicious hacker would and simulates a cyberattack on a computer system or network to identify potential vulnerabilities. This lets organizations proactively address vulnerabilities or weaknesses and fix them before an actual attack occurs. Using the same tools and techniques as hackers lets security professionals find exploitable weaknesses in the system.
CompTIA’s State of Cybersecurity 2025 report found that 56% of firms plan to invest in training for the security workforce and 42% will offer cybersecurity certifications to “establish core concepts and extend skillsets into emerging focus areas.”
“Penetration testing is among the most impactful steps a company can take to strengthen its cybersecurity readiness,” said Thomas Reilly, chief product officer at CompTIA, in a statement. “It increases their ability to fight the growing landscape of cyber threats, attacks, and vulnerabilities, and contributes to ensuring regulatory compliance.”
PenTest+ will help cybersecurity professionals demonstrate their competency in current trends, prove they are up to date on the latest trends, and show they can perform hands-on tasks. According to CompTIA, professionals completing the PenTest+ certification course will learn the following skills:
- Engagement management: Provides updated techniques emphasizing scoping and organizational/customer requirements, governance, risk and compliance concepts, reporting, communication, remediation recommendations, and demonstrating an ethical hacking mindset.
- Attacks and exploits: Includes new techniques to analyze targets, select the best approach, and perform network attacks, wireless attacks, application-based attacks, and cloud attacks as well as AI attacks and scripting automation.
- Reconnaissance and enumeration: Offers expanded coverage of information gathering, enumeration, and passive/active reconnaissance, with the goal of conducting inventory—which includes identifying scripts and explaining use cases of various scripting languages.
- Vulnerability discovery and analysis: Features updated skills that cover vulnerability scanning tools, analysis, management, and physical security weaknesses.
- Post-exploitation and lateral movement: Focuses on maintaining persistence, lateral movement, staging, exfiltration and post-exploitation, including cleanup and restoration activities.
The PenTest+ exam features a maximum of 90 performance-based and multiple-choice questions and runs 165 minutes. Testers must receive a score of 750 or higher to pass the certification test. CompTIA recommends professionals taking the certification course and exam also have Network+ and/or Security+ certifications or equivalent knowledge, and three to four years of experience in a penetration testing job role. Pricing for the exam has yet to be determined.
Source: Network World