EC-Council Certified Security Analyst (ECSA): Penetration Testing
WHAT IS ECSA?
- The new ECSAv10 includes updated curricula and an industry-recognized comprehensive step-by-step penetration testing methodology.
- This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.
- Unlike most other pen testing programs, which only follow a generic kill chain methodology, the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pen testing requirements across different verticals.
- It is a highly interactive, comprehensive, standards-based, intensive training program that teaches information security professionals how professional real-life penetration testing is conducted. Organizations today demand a professional-level pen testing program and not just pen testing programs that provide training on how to hack through applications and networks. Such professional-level programs can only be achieved when the core of the curricula maps to and is compliant with government and/or industry published pentesting frameworks.
The ECSA course is part of the VAPT Track of EC-Council. ECSA is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.
In the new ECSAv10 course, students that pass the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential.
- The EC-Council Certified Security Analyst (ECSA) complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phases of ethical hacking.
- The objective of the EC-Council Certified Security Analyst (ECSA) is to add value to experienced security professionals by providing security training that will help them analyze the outcome of their vulnerability assessments. Penetration testing training leads the learner into the advanced stages of ethical hacking.
- While the Certified Ethical Hacker certification exposes the learner to hacking tools and technologies, the Certified Security Analyst course takes it a step further by exploring how to analyze the outcome from these tools and technologies.
- Through groundbreaking penetration testing methods and techniques, the pen testing security training course helps to perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure.
- This makes the Certified Security Analyst penetration testing training a relevant milestone towards achieving EC-Council's Licensed Penetration Tester, which also immerses the learner in the business aspect of penetration testing.
- The ECSA standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.
CyberTech Infosolutions covers all ECSA content and lab machines with a hands-on approach and techniques. The ECSA course training provided by CyberTech Infosolutions in Mumbai is the best training, under the guidance of expert and experienced faculty.
The course is designed around the most common penetration testing services offered by penetration testing service providers and consulting firms in the market, including:
- Network Penetration Testing: Identify security issues in network design and implementation
- Web Application Penetration Testing: Detect security issues in web applications that exist due to insecure design and development practices
- Social Engineering Penetration Testing: Identify employees who do not properly authenticate, follow, validate, or handle the processes and technology
- Wireless Penetration Testing: Identify misconfigurations in the organization’s wireless infrastructure, including WLAN and mobile
- Cloud Penetration Testing: Determine security issues in an organization’s cloud infrastructure
- Database Penetration Testing: Identify security issues in the configuration of the database server and its instances
Attaining the Industry’s Most Comprehensive Methodology-Based Pen Testing Certification
- ECSA v10 Exam Title: EC-Council Certified Security Analyst v10
- Number of Questions: 150
- Duration: 4 hours
- Availability: ECC Exam Centre
- Test Format: Multiple Choice
- Passing Criteria: 70%
Self-Study Modules:
- Penetration Testing Essential Concepts
- Password Cracking Penetration Testing
- Denial-of-Service Penetration Testing
- Stolen Laptop, PDAs and Cell Phones Penetration Testing
- Source Code Penetration Testing
- Physical Security Penetration Testing
- Surveillance Camera Penetration Testing
- VoIP Penetration Testing
- VPN Penetration Testing
- Virtual Machine Penetration Testing
- War Dialing
- Virus and Trojan Detection
- Log Management Penetration Testing
- File Integrity Checking
- Telecommunication and Broadband Communication Penetration Testing
- Email Security Penetration Testing
- Security Patches Penetration Testing
- Data Leakage Penetration Testing
- SAP Penetration Testing
- Standards and Compliance
- Information System Security Principles
- Information System Incident Handling and Response
- Information System Auditing and Certification
ECSA COURSE OUTLINE:
- Introduction to Penetration Testing and Methodologies
- Penetration Testing Scoping and Engagement Methodology
- Open Source Intelligence (OSINT) Methodology
- Social Engineering Penetration Testing Methodology
- Network Penetration Testing Methodology - External
- Network Penetration Testing Methodology - Internal
- Network Penetration Testing Methodology - Perimeter Devices
- Web Application Penetration Testing Methodology
- Database Penetration Testing Methodology
- Wireless Penetration Testing Methodology
- Cloud Penetration Testing Methodology
- Report Writing and Post Testing Actions
WHO SHOULD ATTEND:
Ethical Hackers, Penetration Testers, Security Analysts, Security Engineers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators, and Risk Assessment Professionals.
The ECSA exam aims to test a candidate’s knowledge and application of critical penetration testing methodologies. Candidates who successfully pass the multiple-choice exam will be awarded the ECSA credential. As a powerful addition to the ECSA exam, the new ECSA (Practical) exam is now available, adding even more value to the ECSA certification.
ELIGIBILITY CRITERIA FOR ECSA EXAM:
- Attend official training via an EC-Council accredited training channel
- Possess a minimum of 2 years of working experience in a related InfoSec domain
- ECSA (Practical) is a rigorous 12-hour practical exam. It presents you with a simulated organization and its underlying networks, each containing multiple hosts.
- Candidates are required to demonstrate the application of the penetration testing methodology presented in the ECSA program to perform a comprehensive security audit of the organization.
- You will start with challenges requiring you to perform advanced network scans beyond perimeter defences, leading to automated and manual vulnerability analysis, exploit selection, customization, launch and post-exploitation maneuvers.
- ECSA (Practical) also tests your skills in performing threat and exploit research, understanding exploits in the wild, writing your own exploits and customizing payloads, and your ability to make critical decisions at different phases of a pen testing engagement that can make or break the whole assessment.
- You will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.
- The ECSA (Practical) credential provides assurance that the candidate possesses the skills required in the field and stands as testimony to your ability to undergo the rigor of the profession.
About the Exam: a rigorous 12-hour, online-proctored practical exam