What is offensive security testing?
Offensive security testing typically means performing an active engagement to identify vulnerabilities in a system by penetration testing it. You are actively looking for weaknesses and flaws that a genuine adversary could use or exploit to gain access to information or interrupt the availability of a system or service.
Why is offensive security important?
Performing offensive security engagements or penetration tests is important because, without testing, how do you know that your security controls and your investment in protecting your information, data and intellectual property are actually keeping them ‘safe’? Penetration testing and offensive security testing look for possible weaknesses and vulnerabilities which may be used to compromise your organisation.
OSCP vs CEH
The Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH) examinations are often compared. Each offers a different type of exam and process to achieve certification. The OSCP typically involves training via online labs with systems to test against and compromise, followed by an exam where an array of systems have to be breached and a report written and submitted for assessment. In contrast, the CEH typically involves either classroom or book-based learning followed by a multiple-choice exam.