free cybersecurity certifications

Free Cybersecurity Certifications and Courses

Note: This post will be updated every month with new courses and content.

In the vast and intricate landscape of today’s digital world, the realm of cybersecurity serves as the guardian of our digital frontiers. As custodians of information integrity, cybersecurity professionals have the crucial mission of fortifying our online domains against evolving threats. For those determined not only to face but to surpass the challenges of this dynamic field, a strategic approach to specialized training becomes paramount.

In this odyssey of learning, we set sail into the realms of Red Team, Offensive Security, Ethical Hacking, Pentesting, General Cybersecurity, Purple Team and Blue Team discovering a hidden treasure trove of free certifications spanning the diverse spectrum of cybersecurity.

Note: This content is not sponsored, it is completely neutral.

Cybersecurity Certifications and Courses

Certified in Cybersecurity (CC) – ISC2

ISC2 Pledges One Million FREE ISC2 Certified in Cybersecurity Courses and Exams

CC training prepares learners to perform the basic and essential tasks of an entry-level cybersecurity analyst without supervision or guidance.


  • Domain 1. Security Principles
  • Domain 2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
  • Domain 3. Access Controls Concepts
  • Domain 4. Network Security
  • Domain 5. Security Operations

Get the Certification: >

Important: Upon passing the exam, complete the application form and pay U.S. $50 Annual Maintenance Fee (AMF). 

ISO/IEC 27001 Information Security Associate – SKILLFRONT

This certification aimed at training professionals to become experts in the identification and mitigation of risks associated with new technologies.

The Skills You’ll Learn:

  • Chapter 1. Why Does ISO/IEC 27001 Matter?
  • Chapter 2. The Structure Of ISO/IEC 27001
  • Chapter 3. ISMS Scope and Statement of Applicability (SoA)
  • Chapter 4. Mandatory Requirements for Organizational ISO 27001 Certification
  • Chapter 5. ISO 27001 Audit Programs
  • Chapter 6. ISO 27001 Step-By-Step Implementation Guide
  • Chapter 7. ISO 27001 Roles And Responsibility In Organizations
  • BONUS Chapter 1. Become A Bit Better Than You, Every day.
  • BONUS Chapter 2. Next Steps For The Pursuit Of Growth.

Get the Certification: >

Junior Cybersecurity Analyst – CISCO

This Junior Cybersecurity Analyst Career Path prepares you for the entry-level Cisco Certified Support Technician (CCST) Cybersecurity certification and entry-level cybersecurity positions such as Cybersecurity Technician, Cybersecurity Analyst, or Tier 1 Help Desk Support roles.

You will learn vital skills like:

  • Threat intelligence
  • Network security.
  • Risk management to protect yourself and organizations from cyber attacks.

If you enjoy solving puzzles, are passionate about technology, and like working in teams, the field of cybersecurity may be a great fit for you!

Get the Course and Digital badge: >

Cybersecurity Courses – Extra Skills

Cybersecurity professionals who can protect and defend an organization’s network are in high-demand right now. Put your detective-like qualities to work by gaining knowledge toward a career in fighting cybercrime.

Courses with Digital badge:

Ethical Hacking Certifications and Courses

Ethical Hacker – CISCO

This course is designed to prepare you with an Ethical Hacker skillset and give you a solid understanding of offensive security. You will become proficient in the art of scoping, executing, and reporting on vulnerability assessments, while recommending mitigation strategies. Follow an engaging gamified narrative throughout the course and get lots of practice with hands-on labs inspired by real-world scenarios.

You will learn:

  • Understanding the mindset of threat actors.
  • You will be able to more effectively implement security controls and monitor, analyze, and respond to current security threats.

Get the Course and Digital badge: >

Practical Ethical Hacking – TCM Security

This course is a 12-hour introduction to the practical side of ethical hacking. Students will learn how to use tools and techniques that are used by professional ethical hackers. The course is hands-on and will cover many foundational topics.

Get the Course: >

Ethical Hacking Essentials (EHE) – EC-COUNCIL

Ethical Hacking Essentials is an introductory cybersecurity course that covers ethical hacking and penetration testing fundamentals and prepares learners for a career in cybersecurity. This course will introduce learners to computer and network security concepts such as threats and vulnerabilities, password cracking, web application attacks, IoT and OT attacks, cloud computing, pentesting fundamentals, and more.

What You Will Learn:

  • Fundamentals of information security and ethical hacking.
  • Information security threats and vulnerabilities, types of malwares, and vulnerability assessments
  • Password cracking techniques, tools, and countermeasures
  • Social engineering concepts, its phases, techniques, and countermeasures
  • Network-level attacks including sniffing, denial-of-service, and session hijacking, and their countermeasures
  • Application-level attacks including webserver exploitation, OWASP top10 attacks, and SQL injection and their countermeasures
  • Wireless encryption, attacks, and countermeasures
  • Mobile, IoT, and OT attacks, and countermeasures
  • Cloud computing threats and countermeasures
  • Penetration testing fundamentals, its benefits, strategies, and phases

Get the Certificate of Completion:

Network Penetration Testing for Beginners –

Learn network penetration testing / ethical hacking in this full tutorial course for beginners. This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field. Throughout the course, we will develop our own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :).

Start to learn penetration testing / ethical hacking: >

Pentesting Certifications and Courses

OSINT Fundamentals – TCM Security

This is a 4.5 hour course on open source intelligence (OSINT) tactics and techniques. It is designed to help students improve their investigative skills, research methodology, and personal OPSEC.

Get the Course: >

Linux for Hackers – TCM Security

This course introduces you to the Linux operating system and how that can be leveraged as a penetration tester. The course covers fundamental knowledge about Kali Linux, Frequently Used Commands and Scripting, and more.

Get the Course: >

Buffer Overflows – TCM Security

This is a free buffer overflow course that will teach you the basics of how to exploit a buffer overflow vulnerability. You will learn about spiking, fuzzing, finding offsets, overwriting EIPs, and finding bad characters. This course is perfect for beginners who want to learn how to exploit these types of vulnerabilities.

Get the Course: >

Python for Beginners – TCM Security

This 3-hour long course is designed to teach the basics of the Python programming language with a focus on how it can be used for ethical hacking purposes. This course teaches you about strings, variables, functions, expressions, lists, tuples, and more. Students will learn how to write Python code and use it in the real world.

Get the Course: >

Web Application Hacking – TCM Security

The Web Application Hacking for Beginners Series is a five-hour long course that teaches students the fundamentals of web application penetration testing. The course covers topics such as Burpsuite and Nikto, and provides students with hands-on experience with the real tools, applications, and methodologies used by professional penetration testers every day.

Get the Course: >

API Security for Connected Cars and Fleets – APISEC University

As cars and fleets become more connected, APIs are the glue that allows users and companies to track, manage, and operate their vehicles. In this 2-hour course we examine how APIs can be exploited and how to keep them safe.

  • Explore the growing threat of automotive cyberattacks and the danger of API-based attacks from 2015 to today.
  • Uncover the diverse API attack surfaces and their real-world consequences, including recent examples.
  • Bring an operational perspective to API security by leveraging connected vehicle data for contextual analysis.
  • Leverage no-code tools and cross-organizational visibility for a deep shift-left approach to secure automotive, smart mobility, and fleet APIs.

Get the certificate and badge for completing the course: >

API Security for PCI Compliance – APISEC University

This 60-minute course examines the new PCI DSS 4.0 requirements and details the API security obligations for compliance. DSS 4.0 introduces API security concerns for the time ever – enroll to understand what the implications are for your organization.

  • Overview of the API Security for PCI Compliance course.
  • Understand why APIs have become a primary target for attackers.
  • Review of the PCI standard, history and evolution.
  • Examination of the DSS requirements and changes in 4.0.
  • Detailed look at DSS sections and the implications for API security and compliance.
  • Course summary, including best practices and do’s and don’ts.

Get the certificate and badge for completing the course: >

API Documentation Best Practices – APISEC University

This 2-hour course covers everything you need to know to create, automate, and publish API documentation your developers, partners and users will love. You’ll also learn why API documentation is the foundation for strong governance, effective API security, and achieving your API business goals.

  • Introduction to API documentation and the agenda for this course.
  • Understand the value of documentation, types of documentation, and who creates documentation.
  • Understand why good API documentation matters for security, governance, and partnerships.
  • In this module we’re learn out to write good documentation and walk through a live examples.
  • Discover tools and techniques for creating documentation, and their respective pros and cons.
  • Wrap up the course with some tactical best practices to help improve your API documentation.

Get the certificate and badge for completing the course: >

OWASP API Security Top 10 and Beyond – APISEC University

This 90 minute course provides a deep-dive into the 2023 edition of the OWASP API Security Top 10 – and covers key concepts that didn’t make it into the Top 10.

  • Learn about the OWASP organization, the history behind the API Security Top 10, and what’s changed between 2019 and 2023.
  • API1:2023 – Broken Object Level Authorization: BOLA is still the leading vulnerability that plagues APIs. When data objects do not have sufficient access controls in place, resources can be accessed by unauthorized users.
  • API2:2023 – Broken Authentication: Broken Authentication contains all vulnerabilities associated with authentication. This section includes weak passwords, JSON Web Token (JWT) misconfigurations, and insecure lockout mechanisms.
  • API3:2023 – Broken Object Property Level Authorization: BOPLA is the combination of Excessive Data Exposure and Mass Assignment. An application should have sufficient access controls to prevent a user from altering sensitive data object properties.
  • API4:2023 – Unrestricted Resource Consumption: APIs have technical and financial costs per request. If an API does not have sufficient controls in place then there will be a negative impact on the API provider.
  • API5:2023 – Broken Function Level Authorization: This vulnerability is present if there are insufficient access controls in place between different user groups to perform sensitive actions.
  • API6:2023 – Unrestricted Access to Sensitive Business Flows: Unrestricted Access to Sensitive Business Flows represents the risk of an attacker being able to identify and exploit API-driven workflows.
  • API7:2023 – Server Side Request Forgery: Server Side Request Forgery is a vulnerability that takes place when a user is able to control the remote resources retrieved by an application.
  • API8:2023 – Security Misconfiguration: Security Misconfiguration represents a catch-all for many vulnerabilities related to the systems that host APIs.
  • API9:2023 – Improper Inventory Management: Improper Inventory Management represents the risks involved with exposing non-production and unsupported API versions.
  • API10:2023 – Unsafe Consumption of APIs: Unsafe Consumption of APIs is the only item on the top ten list that focuses less on the risks of being an API provider and more on the API consumer.
  • This module examines key threats outside the Top 10, including, injections, file upload vulnerabilities, business logic vulnerabilities, and logging and monitoring.

Get the certificate and badge for completing the course: >

API Security Fundamentals – APISEC University

This 90-minute course covers the core threats to APIs and how to prevent breaches. Learn the OWASP API Security Top 10, examine  real-world API attacks, and understand the 3 Pillars of API Security.

  • The Introduction covers why APIs have become the number one target for successful attacks and theft of millions of records.
  • Examine the anatomy of these real-world API breaches and how attackers exploited application vulnerabilities.
  • Review the OWASP API Security Top 10, updated in 2023, with examples, exposure risks, and how to prevent vulnerabilities.
  • Securing APIs requires a solid foundation. This module explores the 3 Pillars of API Security: Governance, Testing, and Monitoring.
  • Understand where different application security technologies fit, what protection they provide, and what gaps you may need to fill.
  • Wrap-up with a summary of API security best practices and a review of Do’s and Don’ts for Development, Operations, and Security teams.

Get the certificate and badge for completing the course: >

API Penetration Testing Course – APISEC University

The API Penetration Testing course covers all the key topics to become an APIsec professional. This hands-on course includes over 12 hours of live instruction and provides detailed labs on API hacking techniques and how to uncover vulnerabilities.

  • The APIsec Certified Expert (ACE) will guide you through actively testing for API security flaws. This course is a self-paced, practical guide that will show you the tools and techniques that can be leveraged to attack web APIs.
  • Lab Setup: You’ll need to prepare an API hacking system for this course. In this section we’ll provide resources for you to set up your own hacking lab.
  • API Reconnaissance: In this module, you will learn passive tools and techniques that can be used to discover and analyze APIs.
  • Endpoint Analysis: In this module, you will learn to make API requests and analyze responses. In addition, you will learn to test for Excessive Data Exposure and Business Logic Flaws.
  • Scanning APIs: Now that you have discovered and analyzed an API it is time to learn to properly scan APIs for weaknesses. In this module, you will learn to scan for common security misconfigurations.
  • API Authentication Attacks: Here we dive into various API authentication attacks including password brute force, password reset, password spraying and MFA brute force.
  • Exploiting API Authorization: In this workshop, I will guide you through testing the vulnerable application VAmPI for Broken Object Level Authorization vulnerabilities (BOLA).
  • Testing for Improper Assets Management: In this module, you will learn to perform tests for Improper Assets Management.
  • Mass Assignment: In this module, you will learn to test for Mass Assignment vulnerabilities.
  • Injection Attacks: In this module, you will learn to perform various injection attacks including SQL, NoSQL, and XSS.
  • Rate Limit Testing: In this module, you will learn a variety of techniques to test APIs for rate limiting.
  • Combining Tools and Techniques: In this module, you will learn to combine tools and techniques from the previous module to exploit API weaknesses.

Get the certificate and badge for completing the course: >

Burp Suite Training – PortSwigger

The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. It is a living resource, that we’ll continue updating with new material and labs, covering the latest developments in web security research.

Academy Modules with Labs:

  • SQL injection
  • Authentication
  • Path traversal
  • Command injection
  • Business logic vulnerabilities
  • Information disclosure
  • Access control
  • File upload vulnerabilities
  • Race conditions
  • Server-side request forgery (SSRF)
  • XXE injection
  • NoSQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Cross-origin resource sharing (CORS)
  • Clickjacking
  • DOM-based vulnerabilities
  • WebSockets
  • Insecure deserialization
  • GraphQL API vulnerabilities
  • Server-side template injection
  • Web cache poisoning
  • HTTP Host header attacks
  • HTTP request smuggling
  • OAuth authentication
  • JWT attacks
  • Prototype pollution
  • Essential skills

Start to learn about pentesting web: >

OWASP Top 10 for Web – Kontra

KONTRA’s developer security training of OWASP Top 10 is inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules to help developers understand, identify and mitigate security vulnerabilities in their applications.

What will you learn:

Start to learn about OWASP TOP 10: >

Penetration Testing and Ethical Hacking – Cybrary

To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform scanning and enumeration, and show how an adversary could hack into your systems. This ethical hacking course will give you those skills and prepare you for related certification exams so you can prove your capabilities.

Get the course and Certificate of Completion: >

BlueTeam Certifications and Courses

Digital Forensics Essentials (D|FE) – EC-COUNCIL

The D|FE was designed to help beginners grasp the foundations of digital forensics with hands-on skills and validate their knowledge as information security professionals. This free cybersecurity course will teach learners the steps, practices, and methodologies to follow during a digital forensics investigation.

Course Modules:

  • Computer Forensics Fundamentals
  • Computer Forensics Investigation Process
  • Understanding Hard Disks and File Systems
  • Data Acquisition and Duplication
  • Defeating Anti-forensics Techniques
  • Windows Forensics
  • Linux and Mac Forensics
  • Network Forensics
  • Investigating Web Attacks
  • Dark Web Forensics
  • Investigating Email Crime
  • Malware Forensics

Get the certificate and badge for completing the course: >

Network Defense Essentials (N|DE) – EC-COUNCIL

With this free cybersecurity course, you will build strong foundations in network defense and information security facets that can help prepare you for a career in cybersecurity. N|DE highlights the fundamentals of network security and protocols, network security controls, understanding identity and access management, and more.

Course Modules:

  • Network Security Fundamentals
  • Identification, Authentication, and Authorization
  • Network Security Controls: Administrative Controls
  • Network Security Controls: Physical Controls
  • Network Security Controls: Technical Controls
  • Virtualization and Cloud Computing
  • Wireless Network Security
  • Mobile Device Security
  • IoT Device Security
  • Cryptography and PKI
  • Data Security
  • Network Traffic Monitoring

Get the certificate and badge for completing the course: >


Web Security for Developers will teach you how your websites are vulnerable to attack and how to protect them. Each chapter breaks down a major security vulnerability and explores a real-world attack, coupled with plenty of code to show you both the vulnerability and the fix. You’ll learn how to:

  • Protect against SQL injection attacks, malicious JavaScript, and cross-site request forgery
  • Add authentication and shape access control to protect accounts
  • Lock down user accounts to prevent attacks that rely on guessing passwords, stealing sessions, or escalating privileges
  • Implement encryption
  • Manage vulnerabilities in legacy code
  • Prevent information leaks that disclose vulnerabilities
  • Mitigate advanced attacks like malvertising and denial-of-service

Start to learn how to protect: >

More Content On!