Pentest Exam (BACPP)
Our portal offers corporate customers further functions: companies can create and manage accounts for their employees. You can also assign different course licenses to specific employees. Corporate customers can also get comprehensive license packages at a discount.
- Manage employee accounts
- Assign licenses to employees
- Purchase license packs
Successfully complete a penetration test and get our pentest certificate: Binsec Academy Certified Pentest Professional (BACPP).
The BACPP certificate shows third parties that you can
- compromise IT systems and develop zero day exploits,
- examine networks and applications for vulnerabilities in a reproducible process,
- list all your findings in a structured report for a client and prioritise them according to their risk,
- professionally carry out a multi-day penetration test.
At the start of the course, our portal provides you with
- access to the digital course materials (information for the exam),
- your OpenVPN access data for the virtual network of "Vulnus Health Inc.".
You will get 5 days access to the IT infrastructure of "Vulnus Health Inc.", which comprises multiple network segments. During this time, your job is to carry out a penetration test of the IT systems and applications. You will note down the results of your penetration test in a final report and send it to us encrypted. If the report is structured, intelligible, logical and complete and if you have identified the most important vulnerabilities of the "Vulnus Health Inc." network, you will receive the BACPP certificate as proof of your achievement.
It goes without saying that you must have a computer to perform penetration tests at the network and application level. This computer must run Linux (e.g. Debian, Ubuntu, Kali Linux), which you can also operate virtualised, e.g. with VirtualBox. We recommend the following hardware:
- min. 6 GB of RAM
- min. 20 GB of free hard disk space
- Internet speed of 1 Mbps or more
To connect to our lab, you need the open source software "OpenVPN". If you use a firewall that restricts outgoing data traffic, e.g. in a corporate network, you may need to enable (or have enabled) the associated TCP port. We will provide you with the port number together with the configuration file for your VPN. For technical reasons, this is not the default port of OpenVPN.
"The BACPP's laboratory, which is based on a real corporate infrastructure, was detailed and diversified. So it was fun to put my skills to the test and gain additional experience while doing so."Florian Struck
"Metaphorically speaking, I had to bang my head against the wall to pass the BACPP exam - they don't make it easy on you, that's for sure. But in the end, it made it easier for me to find work as an IT Security Consultant and it gave me the necessary know-how to carry out a professional pentest."Saed Alavi
"The BACPP exam helped me considerably in understanding the difference between professional pentesting and mere hacking. The "Pentest 101" course from the optional pentest training prepares you excellently for your job and thus for the certification."Niklas Bessler
Please also note our general FAQ FAQ page. Below are the most common questions and answers about the exam:
You are ready to take the exam once you have successfully penetrated the majority of the applications and systems of Dubius Payment Ltd. as part of the "Pentest Training" (including the API). The time required for this pentest is such that a professional penetration tester would take about 2 to 3 days (at 8 hours a day), while you have lab access for 5 days. However, please keep in mind that we place emphasis on performing professional penetration tests, which include a well-founded, extensive report that you would hand over to the client in the real world.
Yes, you may repeat the exam. Contact support to get a voucher for a discount if you failed the exam.