Certified Security Analyst | ECSA Course

ECSAV10

EC-Council Certified Security Analyst (ECSA) Course

iLearn Self-Paced Base package includes:

  • Instructor led training modules (1 year access)
  • Official e-courseware (1 year access)
  • iLabs access (6 Months Access)
  • Certificate of Completion for each course
  • Exam Voucher

To customize your package, click Select Options.
If you are interested but still have questions, click Contact Us.

Course Description

The ECSA course is a fully hands-on program with labs and exercises that cover real-world scenarios. By having you practice the skills taught in the ECSA class, we are able to bring you up to speed with the skills needed to uncover the security threats that organizations are vulnerable to.

This can be achieved effectively with the EC-Council iLabs Cyber Range. It allows you to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection.

Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials allowing you to launch a complete live range for any form of hacking or testing.

Course Overview

What’s new in ECSA V10

Maps to NICE 2.0 Framework

ECSAv10 maps to the NICE framework’s Analyze (AN) and Collect and Operate (CO) specialty areas

Blended with both manual and automated penetration testing approaches

There are many automated pen testing tools in the marketplace, including high-priced sophisticated tools, but they are not adequate. Most advanced tools are of little value if no one knows how to use them.

Manual penetration testing is the perfect complement to automated penetration testing. Certain penetration tests, such as logic testing, cannot be performed using automated tools. They require human intervention to test against such vulnerabilities.

According to the MITRE Corporation, automated pen testing tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention.

Designed based on the most common penetration testing services provided by the penetration testing service providers and consulting firms in the market including:

Network Penetration Testing

Identify security issues in network design and implementation.

Web Application Penetration Testing

Detect security issues in web applications that exist due to insecure design and development practices.

Social Engineering Penetration Testing

Identify employees who do not properly authenticate, follow, validate, or handle the processes and technology.

Wireless Penetration Testing

Identify misconfigurations in the organization’s wireless infrastructure, including WLAN and mobile.

Cloud Penetration Testing

Determine security issues in the organization’s cloud infrastructure.

Database Penetration Testing

Identify security issues in the configuration of database servers and their instances.

Hands-on labs demonstrating practical and real-time experience in each area of penetration testing

Practical knowledge can lead to a deeper understanding of a concept through the act of doing. The course also aims to provide practical experience through hands-on labs covering the full penetration testing process, from scoping and engagement to report writing. The student will gain direct experience by working on these hands-on labs.

All New Module for Social Engineering Pen Testing

The ECSA curriculum presents a comprehensive Social Engineering Pen Testing Methodology, where other programs make only a mere reference to it. According to the 2017 Verizon Data Breach Investigation Report, 43% of the documented breaches overall involved social engineering attacks!

We see this as a huge gap, and that is why the ECSA program is carefully designed and developed to be comprehensive in its coverage of the pentesting domain.

Increased Focus on Methodologies

ECSA V10 brings an enhanced concentration on methodology for network, web application, database, wireless, and cloud pen testing, whereas other certifications cover this superficially.

The new ECSA v10 program takes the tools you have learned in the CEH and includes a wide range of comprehensive scoping and engagement penetration testing methodologies that improve upon the best from ISO 27001, OSSTMM, and NIST Standards.

Presents a comprehensive scoping and engagement methodology

Defining the scope of a penetration test is arguably one of the most important components of a penetration test, yet it is also one of the most overlooked in most penetration testing programs. A complete module in the course is dedicated to describing the pre-engagement activities in detail and explaining how to initiate and set the scope and Rules of Engagement (RoE) for the penetration test assignment.

Provides strong report writing guidance to draft a valuable and comprehensive penetration report.

The report is the tangible output of the testing process, and the only real evidence that a test actually took place. Ultimately, it is the report that is sellable in a penetration test assignment. If it is not well planned and drafted, the client may disagree with the findings of a test and will not justify the expense of the test. A separate module in the course is dedicated to describing the skills required to draft an effective penetration test report depending upon the target audiences.

Provides standard templates that are required during penetration test

The course is bundled with a set of necessary standard templates that help students during the scoping and engagement process as well as in collecting and reporting test results. No other program offers a set of comprehensive penetration templates like the ECSA!

Course Description

The ECSA program offers a seamless learning progression, continuing where the CEH program left off. The new ECSAv10 includes updated curricula and an industry-recognized, comprehensive step-by-step penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.

Unlike most other pen testing programs that only follow a generic kill chain methodology, the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.

It is a highly interactive, comprehensive, standards-based, intensive 5-day training program that teaches information security professionals how professional real-life penetration tests are conducted. Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.

Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.

Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks. This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.

In the new ECSAv10 course, students who pass the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential. This new credential allows employers to easily validate the skills of the student.

Who’s It For?

  • Ethical Hackers
  • Penetration Testers
  • Network server administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment professionals

Course Outline

  • Module 00: Penetration Testing Essential Concepts (Self-Study)
  • Module 01: Introduction to Penetration Testing and Methodologies
  • Module 02: Penetration Testing Scoping and Engagement Methodology
  • Module 03: Open-Source Intelligence (OSINT) Methodology
  • Module 04: Social Engineering Penetration Testing Methodology
  • Module 05: Network Penetration Testing Methodology – External
  • Module 06: Network Penetration Testing Methodology – Internal
  • Module 07: Network Penetration Testing Methodology – Perimeter Devices
  • Module 08: Web Application Penetration Testing Methodology
  • Module 09: Database Penetration Testing Methodology
  • Module 10: Wireless Penetration Testing Methodology
  • Module 11: Cloud Penetration Testing Methodology
  • Module 12: Report Writing and Post Testing Actions

About the Exam

Credit Towards Certification: ECSA

Number of Questions: 150

Passing Score: 70%

Test Duration: 4 Hours

Test Format: Multiple Choice

Test Delivery: ECC Exam Portal

Licensed Penetration Tester (LPT) Master

About the EC-Council Certified Security Analyst (Practical)

ECSA (Practical) is a 12-hour, rigorous practical exam built to test your penetration testing skills.
ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.

The candidates are required to demonstrate the application of the penetration testing methodology that is presented in the ECSA program, and are required to perform a comprehensive security audit of an organization, just like in the real world. You will start with challenges requiring you to perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch, and post exploitation maneuvers.

Training Methods

iLearn Self-Paced Online Security Training

iLearn is EC-Council’s online, self-paced option, which means that all of the same modules taught in the live course are recorded and presented in a streaming video format. A certification candidate can set their own learning pace by pausing the lectures and returning to their studies as their schedule permits!

This all-inclusive training program provides the benefits of classroom training at your own pace.

Base package includes:

  • Instructor-led, streaming video training modules – 1 year access
  • Official EC-Council e-courseware – 1 year access
  • iLabs, virtual lab platform – 6 months access
  • Certification Exam Voucher
  • Certificate of Attendance


Live, Online, Instructor-led

Live, online courses delivered by a Certified EC-Council Instructor! Courses run 8 am to 4 pm Mountain time, Monday through Friday.

Training Includes:

  • Official Courseware
  • iLabs, Online Labs (6 Months Access)
  • Certification Exam Voucher

Client-Site

EC-Council can bring a turn-key training solution to your location. Call for a quote.

Training Includes:

  • Official Courseware
  • iLabs, Online Labs (6 Months Access)
  • Certification Exam Voucher

Courseware Only

We recognize that some folks have the background and experience to forgo training, so official courseware is available for self-study. Click HERE to request the self-study exam application form

*Cost includes shipping

Note: The exam runs $650 with $100 application fee.


Introducing the STORM!

Mobile Security Tool Kit

For the past several years we have offered our training on a mobile device so that you can take your training with you and eliminate the need to stream the videos. This device is the next-generation mobile device. This fully loaded pen test tool kit comes equipped with a custom Linux Hacking OS and, wait for it… we can load your course (or 2) onto the device. In the sage words of Ray Bradbury, “Something Wicked This Way Comes.”

Terms of Use

Note: The STORM mobile security tool kit contains a full Kali Linux load including all of the associated security tools. These tools are very powerful and all proper precautions should be adhered to at all times.

Always remember that the difference between illegal and ethical hacking comes down to one word: permission. It is illegal to utilize these or any other pen testing tools on a network or website without permission.

As stated in the terms and conditions, EC-Council is not responsible for illegal use of these tools and you accept the full liability for its usage. The entire code of ethics can be found here.

Specs

  • 64 Bit – Quad Core Mobile System with Case
  • 1 GB RAM
  • 7 inch touch screen display
  • 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
  • 100Mb Ethernet port
  • 4 USB ports
  • 802.11n wireless
  • Bluetooth 4.1

  • Combined 3.5mm audio jack and composite video
  • Camera interface (CSI)
  • Display interface (DSI)
  • VideoCore IV 3D graphics core
  • Full HDMI
  • USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
  • Rollup water resistant keyboard
  • Field Case Organizer for all your gear