Mobile Security

Practical Junior Mobile Tester + Certified Mobile Pentester (CMPen) - Android Review

David Ancheta-Nunez
Offensive Security Engineer
December 31st, 2023

Happy Holidays everyone!

Been a bit since my last post. Took a little bit of time off for the Holidays and figured I'd put some exam vouchers to use. I recently sat for and cleared the PJMT (from TCM Security) and the CMPen - Android (from The SecOpsGroup). I wanted to share some of my experience with both.

To level set, my background with Pentesting Mobile Applications is pretty minimal. Back in 2020, I sat in on SEC575, taught by 614 at the time. Even though I picked up GMOB after taking the class, I sat on the material, and didn't actually perform a Mobile Penetration Test until a year and a half later or so. Mobile Pentesting currently makes up a tiny percentage of my 8 to 5 grind. When I do get to do it on my shift, there's always part of me that gets stoked because it's not something I regularly do.

Practical Junior Mobile Tester (PJMT)

Couple months back, when I read about TCM Security releasing their PJMT Certification, and additionally seeing The SecOps Group also releasing their CMPen Android Exam, I thought to myself, finally a couple hands-on keyboard exams for Mobile Pentesting are out.

The PJMT course is designed for beginners to mobile application testing. It covers both Android and iOS applications, with a focus on common vulnerabilities and testing methodologies.

The course content is well-structured and Heath (the instructor) does an excellent job of explaining concepts in a clear, understandable way. The practical exercises are particularly valuable, giving you hands-on experience with the tools and techniques discussed.

Certified Mobile Pentester (CMPen) - Android

The CMPen - Android certification focuses specifically on Android application security testing. It's a bit more advanced than the PJMT, diving deeper into Android-specific vulnerabilities and exploitation techniques.

The exam is entirely hands-on, requiring you to identify and exploit vulnerabilities in a provided Android application. It tests not just your technical skills, but also your methodology and approach to mobile application testing.

Comparison and Recommendations

Both certifications are valuable, but they serve slightly different purposes:

  • PJMT is excellent for beginners or those looking for a broader overview of mobile application security (covering both Android and iOS)
  • CMPen - Android is more specialized and goes deeper into Android-specific security issues

If you're new to mobile application security, I'd recommend starting with the PJMT. Once you're comfortable with the basics, the CMPen - Android provides a good next step to deepen your Android-specific knowledge.

Conclusion

Mobile application security is an increasingly important field, and both of these certifications provide valuable knowledge and skills. Whether you're looking to specialize in mobile security or just add it to your existing security skill set, they're worth considering.
