Certified Ethical Hacker – CEH Certification
Hackers are innovators; they constantly find new ways to attack information systems and exploit system vulnerabilities. Savvy businesses proactively protect their information systems by engaging the services and expertise of IT professionals skilled in beating hackers at their own game (often called “white hat hackers” or simply “white hats”). Such professionals use the very skills and techniques hackers themselves use to identify system vulnerabilities and access points for penetration to prevent hackers’ unwanted access to network and information systems.
The Certified Ethical Hacker (CEH) is an intermediate-level credential offered by the International Council of E-Commerce Consultants (EC-Council). It’s a must-have for IT professionals pursuing careers in ethical hacking, and certifies their competence in the five phases of ethical hacking: reconnaissance, enumeration, gaining access, maintaining access and covering tracks. CEH credential holders possess skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial-of-service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls, and honeypots. CEH V10 provides a greater focus on emerging attack vectors, along with IoT hacking and vulnerability analysis.
To obtain a CEH (ANSI) certification, candidates must pass one exam. A comprehensive five-day CEH training course is recommended, with the exam presented at the course’s conclusion. Candidates may self-study for the exam but must submit documentation of at least two years of work experience in information security with employer verification. Self-study candidates must also pay an additional $100 application fee. Education may be substituted for experience, but this is evaluated on a case-by-case basis. Candidates who complete any EC-Council-approved training (including the iClass platform, academic institutions or an accredited training center) do not need to submit an application prior to attempting the exam.
Because technology in the field of hacking changes almost daily, CEH credential holders are required to obtain 120 continuing education credits for each three-year cycle.
Once a candidate obtains the CEH (ANSI) designation, a logical progression on the EC-Council certification ladder is the Certified Ethical Hacker (Practical) credential. A recent addition to the EC-Council certification portfolio, the CEH (Practical) designation targets the application of CEH skills to real-world security audit challenges and related scenarios. To obtain the credential, candidates must pass a rigorous six-hour practical examination. The exam is conducted on live virtual machines, and candidates are presented with 20 scenarios with questions designed to validate their ability to perform tasks such as vulnerability analysis, identification of threat vectors, web app and system hacking, OS detection, network scanning, packet sniffing, steganography, virus identification and more. Candidates who pass both the CEH (ANSI) and CEH (Practical) exams earn the CEH (Master) designation.
CEH facts and figures
Certification name | Certified Ethical Hacker (CEH) (ANSI) |
Prerequisites and required courses | Training is highly recommended. Without formal training, candidates must have at least two years of information security-related experience and an educational background in information security, pay a nonrefundable eligibility application fee of $100, and submit an exam eligibility form prior to purchasing an exam voucher. |
Number of exams | One: 312-50 (ECC Exam)/312-50 (VUE) (125 multiple-choice questions, four hours) |
Cost of exam | $950 (ECC exam voucher) Note: An ECC exam voucher allows candidates to test via computer at a location of their choice. Pearson Vue exam vouchers allow candidates to test in a Pearson Vue facility and cost $1,199. |
URL | https://www.eccouncil.org/programs/certified-ethical-hacker-ceh |
Self-study materials | EC-Council instructor-led courses, computer-based training, online courses and more are available at ECCouncil.org. A CEH skills assessment is also available for credential seekers. Additionally, Udemy offers CEP Practice Exams. CEH-approved courseware is available for $850 from EC-Council. |
Certified Ethical Hacker (CEH) Training
While EC-Council offers both instructor-led and online training for its CEH certification, IT professionals have plenty of other options for self-study materials, including video training, practice exams and books.
Pluralsight currently offers various ethical hacking courses geared toward the 312-50 exam. With a monthly subscription, you get access to all these courses plus everything else in Pluralsight’s training library. Through Pluralsight’s ethical hacking courses, IT professionals learn about session hijacking, reconnaissance and footprinting, SQL injection, enumeration, social engineering, and how to hack web servers, applications and mobile platforms.
Kaplan IT Training offers a practice exam for the CEH 312-50 certification that includes several sets of exam-like questions, custom quizzes, flashcards and more. An exam prep subscription for 180 days costs $149 and allows candidates access to online study materials, as well as the ability to download the materials for offline study. Backed by its “pass the first time” guarantee, Kaplan IT is so confident that this practice exam will prepare you for the CEH that it will refund its practice test costs if you don’t pass.