Get Involved
Get In

ECSA Certifications

EC-Council Certified Security Analyst (ECSA)

The ECSA program offers a seamless learning progress continuing where the CEH program left off. The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-by- step penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.

 Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals. It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted.

 Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.

Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks

This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.

In the new ECSAv10 course, students that passes the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential.  This new credential allows employers to validate easily the skills of the student.

Designed based on the most common penetration testing services provided by the

penetration testing service providers and consulting firms in the market including:

  • Network Penetration Testing

Identify security issues in network design and implementation

  • Web Application Penetration Testing

Detect security issues in web applications that exists due to insecure design and development practices

  • Social Engineering Penetration Testing

Identify employees that do not properly authenticate, follow, validate, handle, the processes and technology

  • Wireless Penetration Testing

Identify misconfigurations in organization’s wireless infrastructure including WLAN, Mobile,

  • Cloud Penetration Testing

Determine security issues in organization’s cloud infrastructure

  • Database Penetration Testing

Identify security issues in the configuration of database server and their instances

     Who Should Attend:

Ethical Hackers, Penetration Testers, Security Analysts, Security Engineers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators, and Risk Assessment Professionals. 

ECSA Exam:

  • The ECSA exam aims to test a candidate’s knowledge and application of critical penetration testing methodologies.
  • Candidates that successfully pass the multiple-choice exam will be awarded the ECSA credential.
  • As a powerful addition to the ECSA exam, the new ECSA (Practical) exam is now available adding even more value to the ECSA certification.

Eligibility Criteria for ECSA Exam

Attend offical training via an EC-Council accedited training channel Or Possess a minimum of 2 years of working experience in a related InfoSec domain


  1. Introduction to Penetration Testing and Methodologies
  2. Penetration Testing Scoping and Engagement Methodology
  3. Open Source Intelligence (OSINT) Methodology
  4. Social Engineering Penetration Testing Methodology
  5. Network Penetration Testing Methodology - External
  6. Network Penetration Testing Methodology - Internal
  7. Network Penetration Testing Methodology - Perimeter Devices
  8. Web Application Penetration Testing Methodology
  9. Database Penetration Testing Methodology
  10. Wireless Penetration Testing Methodology
  11. Cloud Penetration Testing Methodology
  12. Report Writing and Post Testing Actions

Enquiry form