EC-Council Certified Security Analyst (ECSA) Course
iLearn Self-Paced Base package includes:
- Instructor led training modules (1 year access)
- Official e-courseware (1 year access)
- iLabs access (6 Months Access)
- Certificate of Completion for each course
- Exam Voucher
The ECSA course is a fully hands-on program with labs and exercises that cover real-world scenarios. Practicing the skills taught in the ECSA class brings you up to speed on uncovering the security threats that organizations are vulnerable to.
This can be achieved effectively with the EC-Council iLabs Cyber Range. It allows you to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection.
Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials allowing you to launch a complete live range for any form of hacking or testing.
What’s new in ECSA V10
Maps to NICE 2.0 Framework
ECSAv10 maps to the NICE framework's Analyze (AN) and Collect and Operate (CO) specialty areas.
Blended with both manual and automated penetration testing approach
Many automated pen testing tools are available in the marketplace, including high-priced sophisticated tools, but they are not adequate. Most advanced tools are of little value if no one knows how to use them.
Manual penetration testing is the perfect complement to automated penetration testing. Certain penetration tests, such as logic testing, cannot be performed using automated tools; they require human intervention.
According to the MITRE Corporation, automated pen testing tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention.
Designed based on the most common penetration testing services provided by the penetration testing service providers and consulting firms in the market including:
Network Penetration Testing
Identify security issues in network design and implementation.
Web Application Penetration Testing
Detect security issues in web applications that exist due to insecure design and development practices.
Social Engineering Penetration Testing
Identify employees that do not properly authenticate, follow, validate, or handle the processes and technology.
Wireless Penetration Testing
Identify misconfigurations in the organization's wireless infrastructure, including WLAN and mobile.
Cloud Penetration Testing
Determine security issues in the organization's cloud infrastructure.
Database Penetration Testing
Identify security issues in the configuration of database servers and their instances.
Hands-on labs demonstrating practical and real-time experience in each area of penetration testing
Practical knowledge can lead to a deeper understanding of a concept through the act of doing. The course also aims to provide practical experience through hands-on labs covering the full penetration testing process, from scoping and engagement to report writing. The student gains direct experience by working on these hands-on labs.
All New Module for Social Engineering Pen Testing
The ECSA curriculum presents a comprehensive Social Engineering Pen Testing Methodology, where other programs make only a passing reference to it. According to the 2017 Verizon Data Breach Investigations Report, 43% of the documented breaches involved social engineering attacks!
We see this as a huge gap, and that is why the ECSA program is carefully designed and developed to be comprehensive in its coverage of the pentesting domain.
Increased Focus on Methodologies
ECSA V10 brings an enhanced concentration on methodology for network, web application, database, wireless, and cloud pen testing, whereas other certifications cover this superficially.
The new ECSA v10 program takes the tools you have learnt in the CEH and includes a wide range of comprehensive scoping and engagement penetration testing methodologies that improve upon the best from ISO 27001, OSSTMM, and NIST standards.
Presents a comprehensive scoping and engagement methodology
Defining the scope of a penetration test is arguably one of the most important components of the test, yet it is also one of the most overlooked in most penetration testing programs. A complete module of the course is dedicated to describing the pre-engagement activities in detail and explaining how to initiate and set the scope and Rules of Engagement (RoE) for the penetration test assignment.
Provides strong report writing guidance to draft a valuable and comprehensive penetration test report
The report is the tangible output of the testing process, and the only real evidence that a test actually took place. Ultimately, it is the report that is sellable in a penetration test assignment. If it is not well planned and drafted, the client may disagree with the findings of a test and will not justify the expense of the test. A separate module of the course is dedicated to describing the skills required to draft an effective penetration test report for the target audience.
Provides standard templates that are required during a penetration test
The course is bundled with a set of standard templates that help students during the scoping and engagement process as well as when collecting and reporting test results. No other program offers a set of comprehensive penetration testing templates like the ECSA!
The ECSA program offers seamless learning progress, continuing where the CEH program left off. The new ECSAv10 includes updated curricula and an industry-recognized, comprehensive step-by-step penetration testing methodology. This allows learners to elevate their ability to apply new skills learned through intensive practical labs and challenges.
Unlike most other pen testing programs, which only follow a generic kill chain methodology, the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.
It is a highly interactive, comprehensive, standards-based, intensive 5-day training program that teaches information security professionals how professional real-life penetration tests are conducted. Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.
Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.
Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks. This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.
In the new ECSAv10 course, students who pass the knowledge exam are given the option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential. This new credential allows employers to easily validate the skills of the student.
Who’s It For?
- Ethical Hackers
- Penetration Testers
- Network server administrators
- Firewall Administrators
- Security Testers
- System Administrators and Risk Assessment professionals
- Module 00: Penetration Testing Essential Concepts (Self-Study)
- Module 01: Introduction to Penetration Testing and Methodologies
- Module 02: Penetration Testing Scoping and Engagement Methodology
- Module 03: Open-Source Intelligence (OSINT) Methodology
- Module 04: Social Engineering Penetration Testing Methodology
- Module 05: Network Penetration Testing Methodology – External
- Module 06: Network Penetration Testing Methodology – Internal
- Module 07: Network Penetration Testing Methodology – Perimeter Devices
- Module 08: Web Application Penetration Testing Methodology
- Module 09: Database Penetration Testing Methodology
- Module 10: Wireless Penetration Testing Methodology
- Module 11: Cloud Penetration Testing Methodology
- Module 12: Report Writing and Post Testing Actions
About the Exam
Credit Towards Certification: ECSA
Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC Exam Portal
Licensed Penetration Tester (LPT) Master
About the EC-Council Certified Security Analyst (Practical)
ECSA (Practical) is a 12-hour, rigorous practical exam built to test your penetration testing skills.
ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.
The candidates are required to demonstrate the application of the penetration testing methodology that is presented in the ECSA program, and are required to perform a comprehensive security audit of an organization, just like in the real world. You will start with challenges requiring you to perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch, and post exploitation maneuvers.
iLearn Self-Paced Online Security Training
iLearn is EC-Council's online, self-paced option, which means that all of the same modules taught in the live course are recorded and presented in a streaming video format. A certification candidate can set their own learning pace by pausing the lectures and returning to their studies as their schedule permits!
This all-inclusive training program provides the benefits of classroom training at your own pace.
Base package includes:
- Instructor-led, streaming video training modules – 1 year access
- Official EC-Council e-courseware – 1 year access
- iLabs, virtual lab platform – 6 months access
- Certification Exam Voucher
- Certificate of Attendance
We recognize that some folks have the background and experience to forgo training, so official courseware is available for self-study. Click HERE to request the self-study exam application form.
*Cost includes shipping
Note: The exam runs $650 with $100 application fee.
Introducing the STORM!
Mobile Security Tool Kit
For the past several years we have offered our training on a mobile device so that you can take your training with you and eliminate the need to stream the videos. This device is the next-generation mobile device. This fully loaded pen test tool kit comes equipped with a custom Linux Hacking OS and, wait for it… we can load your course (or 2) onto the device. In the sage words of Ray Bradbury, “Something Wicked This Way Comes.”
- 64 Bit – Quad Core Mobile System with Case
- 1 GB RAM
- 7 inch touch screen display
- 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
- 100Mb Ethernet port
- 4 USB ports
- 802.11n wireless
- Bluetooth 4.1
- Combined 3.5mm audio jack and composite video
- Camera interface (CSI)
- Display interface (DSI)
- VideoCore IV 3D graphics core
- Full HDMI
- USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
- Rollup water resistant keyboard
- Field Case Organizer for all your gear