What is EC-Council Certified Security Analyst – Licensed Penetration Tester Program
You are an ethical hacker. Your last name is “Pwned.” You dream about enumeration and you can scan networks in your sleep. You have expert knowledge and an arsenal of hacking tools. You know how to successfully attack fully patched and hardened systems and circumvent common security controls.
Even though you may be able to write custom code to prevent exploits, what you may be lacking is the knowledge and experience to execute a successful penetration test according to accepted industry standards. Do you lack the knowledge to correctly apply ethical hacking tools while effectively conducting a security analysis of your organization’s network infrastructure?
The EC-Council Certified Security Analyst/Licensed Penetration Tester program consists of two components: EC-Council Certified Security Analyst (ECSA) training and the Licensed Penetration Tester (LPT) performance-based skill assessment.
How is EC-Council Security Analyst (ECSA) Program Different From The Licensed Penetration Testing (LPT) Program?
The EC-Council Certified Security Analyst (ECSA) program teaches various penetration testing and security auditing methodologies. The Licensed Penetration Tester (LPT) program teaches the report writing skills of the professional pen tester. The LPT program was also designed to evaluate the student’s capabilities of performing penetration tests in real-time scenarios on an active cyber range.
How Many Certificates will I Get?
Do I have to be CEH to Attempt the ECSA Certification?
No. While the Certified Ethical Hacker (CEH) certification is not a prerequisite for the ECSA course, we strongly advise candidates to attain the CEH prior to the commencement of the ECSA course.
Can I take ECSA Training Only and Skip the Licensed Penetration Tester training and certification?
Yes. However, we strongly recommend that candidates pursue the Licensed Penetration Tester certification as it can be a major milestone in your career and establish you as a penetration tester and Information Security Auditor.
What is the EC-Council Security Analyst Program
The ECSA Program is a 5-day complete hands-on training program. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies.
The ECSA Lab Environment
The ECSA course is a fully hands-on program. The exercises cover real-world scenarios. Practicing the skills provided in the ECSA class brings candidates up to speed with the latest threats that organizations may be vulnerable to.
This can be achieved with the EC-Council iLabs cyber range. It allows students to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection.
Our simplistic web portal enables the student to launch an entire range of target machines and access them remotely with one simple click. It is the most cost-effective, easy-to-use, live range lab solution available. With iLabs, lab exercises can be accessed 24x7, allowing the student to practice skills in a safe, fully functional network anytime it’s convenient.
Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials as well as our state-of-the-art “Open Environment” allowing students to launch a complete Live range open for any form of hacking or testing.
Available target machines are completely virtualized, allowing us to control and reset machines quickly and easily with no required instructor or administrative interaction.
Target Audience
Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program.
Benefits of Becoming ECSA
Data Security Program - Advanced Penetration Testing
Students earn greater industry acceptance as seasoned security professionals. ECSAs learn to analyze the outcomes of security tools and security testing techniques. The ECSA sets students on the path toward achieving the LPT certification.
Core Modules
1. Need for Security Analysis
2. TCP/IP Packet Analysis
3. Penetration Testing Methodologies
4. Customers and Legal Agreements
5. Rules of Engagement
6. Penetration Testing Planning and Scheduling
7. Pre-penetration Testing Steps
8. Information Gathering
9. Vulnerability Analysis
10. External Penetration Testing
11. Internal Network Penetration Testing
12. Firewall Penetration Testing
13. IDS Penetration Testing
14. Password Cracking Penetration Testing
15. Social Engineering Penetration Testing
16. Web Application Penetration Testing
17. SQL Penetration Testing
18. Penetration Testing Reports and Post Testing Actions
Self-Study Modules
19. Router and Switches Penetration Testing
20. Wireless Network Penetration Testing
21. Denial-of-Service Penetration Testing
22. Stolen Laptop, PDAs and Cell Phones Penetration Testing
23. Source Code Penetration Testing
24. Physical Security Penetration Testing
25. Surveillance Camera Penetration Testing
26. Database Penetration Testing
27. VoIP Penetration Testing
28. VPN Penetration Testing
29. Cloud Penetration Testing
30. Virtual Machine Penetration Testing
31. War Dialing
32. Virus and Trojan Detection
33. Log Management Penetration Testing
34. File Integrity Checking
35. Mobile Devices Penetration Testing
36. Telecommunication and Broadband Communication Penetration Testing
37. Email Security Penetration Testing
38. Security Patches Penetration Testing
39. Data Leakage Penetration Testing
40. SAP Penetration Testing
41. Standards and Compliance
42. Information System Security Principles
ECSA v8 Exam Information
• Credit Towards Certification: ECSA v8
• Number of Questions: 150
• Passing Score: 70%
• Test Duration: 4 hours
• Test Format: Multiple Choice
How to Become ECSA?
Where can I Attend Training?
For more information, visit the webpage http://www.eccouncil.org/Training
Job Roles for ECSA
• Perform network and application penetration testing using both automated and manual techniques
• Design and perform audits of computer systems to ensure they are operating securely and that data is protected from both internal and external threats
• Assess system-wide security statuses
• Design and recommend security policies and procedures
• Ensure compliance to policies and procedures
• Evaluate highly complex security systems according to industry best practices to safeguard internal information systems and databases
• Lead investigations of security violations and breaches and recommend solutions, prepare reports on intrusions as necessary, and provide an analysis summary for management
Why EC-Council Security Analyst is Best
• Presents industry accepted comprehensive pen testing standards on 44 domains
• Covers advanced topics such as Mobile, Cloud, and Virtual Machine pen testing
• Maps to NICE’s Protect and Defend, Operate and Collect, and Analyze Specialty Area Category
• Covers all the requirements of National Information Assurance Training Standard For