Certified Security Analyst | ECSA
Certified Security Analyst | ECSA
The EC-Council Certified Security Analyst (ECSA) course is a fully hands-on program with labs and exercises that cover real world scenarios. By practicing the skills that are provided to you in the ECSA class, we are able to bring you up to speed with the skills to uncover the security threats that organizations are vulnerable to.
This can be achieved effectively with the EC-Council iLabs Cyber Range. It allows you to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection.
Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials allowing you to launch a complete live range for any form of hacking or testing.
Course Outline
- Module 00: Penetration Testing Essential Concepts (Self-Study)
- Module 01: Introduction to Penetratiaon Testing and Methodologies
- Module 02: Penetration Testing Scoping and Engagement Methodology
- Module 03: Open-Source Intelligence (OSINT) Methodology
- Module 04: Social Engineering Penetration Testing Methodology
- Module 05: Network Penetration Testing Methodology – External
- Module 06: Network Penetration Testing Methodology – Internal
- Module 07: Network Penetration Testing Methodology – Perimeter Devices
- Module 08: Web Application Penetration Testing Methodology
- Module 09: Database Penetration Testing Methodology
- Module 10: Wireless Penetration Testing Methodology
- Module 11: Cloud Penetration Testing Methodology
- Module 12: Report Writing and Post Testing Actions
The ECSA program offers a seamless learning progress continuing where the CEH program left off. The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-bystep penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.
Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.
It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted. Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re engineered the ECSA program as a progression from the former.
Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.
Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks. This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.
In the new ECSAv10 course, students that passes the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential. This new credential allows employers to validate easily the skills of the student.
- Ethical Hackers
- Penetration Testers
- Network server administrators
- Firewall Administrators
- Security Testers
- System Administrators and Risk Assessment professionals
ECSA Course Demo
Meet your Instructor:
iLabs Demo:
Credit Towards Certification: ECSA
Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC Exam Portal
ECSA (Practical) is a 12-hour, rigorous practical exam built to test your penetration testing skills.
ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.
The candidates are required to demonstrate the application of the penetration testing methodology that is presented in the ECSA program, and are required to perform a comprehensive security audit of an organization, just like in the real world. You will start with challenges requiring you to perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch, and post exploitation maneuvers.
The LPT (Master) is the world’s first fully online, remotely proctored LPT (Master) practical exam, which challenges the candidates through a grueling 18 hours of performance based, hands-on exam categorized into three practical exams for six-hour duration each, which will test your perseverance and focus by forcing you to outdo yourself with each new challenge. The exam requires the candidates to demonstrate a methodical approach to test and validate security defenses. The LPT (Master) exam is developed with close collaboration with SMEs and practitioners around the world after a thorough job role, job task, and skills-gap analysis.
LPT (Master) training is not comfortable (and the exam is even worse!) , but filled with intense stress meant to illicit the best from you. Those who prevail will have developed an instinctual and intellectual response to real world penetration testing challenges.
We want to bring out the best in you. Our aim is to push you to your limit while making you solve complex problems that actual penetration testers solve daily in the real world. For four punishing and long days, you will have to perform various tasks until it becomes second nature. This is the foundation of the program.
This program is radically different from the ECSA. In the ECSA course, you are provided guidance on what machines to attack and an initial starting point. In the Advanced Penetration Testing Course, you are presented with minimal network information along with a Scope of Work (SOW). The course was created to provide you with advanced concepts that will help when it comes to attempting the LPT (Master) Certification exam.
In this course you will learn professional security and penetration testing skills. The course is designed to show advanced concepts like scanning against defenses, pivoting between networks, deploying proxy chains, and using web shells. The last module of the course includes an SOW for each of the various networks we have created for the course. This, combined with the composition of various ranges, mimics a professional penetration test. Time is limited and you will be required to identify the attack surface followed by the weaknesses of the machines that are on the network.
EC-Council brings to you a new range of real world challenges that will not only test your Pen-testing skills but guarantees you an experience that is not built for the weak hearted. If you have been looking for a way to test your Pen-testing abilities, this is your chance to prove you have what it takes.
LPT (Master) certified professional can:
- Demonstrate a repeatable and measurable approach to penetration testing
- Perform advanced techniques and attacks to identify SQL injection, Cross site scripting (XSS), LFI, RFI vulnerabilities in web applications
- Submit a professional and industry accepted report that achieves management and technical buy-in
- Get access to proprietary EC-Council penetration testing methodologies
- Write exploit codes to gain access to a vulnerable system or application
- Exploit vulnerabilities in Operating systems such as Windows, Linux
- Perform privilege escalation to gain root access to a system
- Demonstrate ‘Out-of-the-box’ and ‘lateral’ thinking
- Ensure the integrity and value of the penetration testing certification, in a fully online, remotely proctored certification exam
Being an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The exam demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques. Outsmarting and out maneuvering the adversary is what sets you apart from the crowd. This completely hands-on exam offers a challenge like no other by simulating a complex network of a multi-national organization in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.
EC-Council is dedicated to working with the US Department of Defense to bring the highest standards of Training, Education and Certification to our military.
Independent Accreditation ensures Quality of Certification
EC-Council Certifications are developed to the highest standards and have achieved numerous accreditations including ANSI 17024 for:
To get more information or still have questions:
EC-Council Cyber Security Certifications and the US NAVY
Six EC-Council Certifications are recognized by the United States Navy in over 100 Cyber Security Job roles, across 18 occupations. Ranging from Commander in Executive Cyberspace Leadership to Cyber Warfare Engineer, Special Agents, Incident Handlers, to Cryptologic Warfare Engineers, Cybersecurity careers with the US NAVY are exciting, holding an EC-Council certification provides great opportunity for advancement in a US NAVY career.
The decisions of Department of the NAVY to incorporate industry recognized certifications into the Cyber IT & Cyber Security Workforce Framework ensures as our service personnel advance their careers and eventually transition to civilian life, their skills and credentials are widely recognized by the Industries they will continue to work in as Veterans.
Certifications recognized, accepted, and often funded by the US NAVY include:
Funding opportunities for career advancement are available for Active Duty NAVY personnel through the NAVY COOL program.
US NAVY approves EC-Council Certifications across 18 Occupations and over 100 Job roles
*All information represented here can be found on the NAVY COOL site. To find what EC-Council Certifications map to your eligible Job role, select “Full Credential Search” then under Credential Agency, select or search for “International Council of E-Commerce Consultants”.
To get more information or still have questions:
EC-Council Cyber Security Certifications and the US ARMY
Five EC-Council Certifications are recognized by the United States ARMY across 15 occupations. Ranging from Cyber Operations Technician to Target Digital Network Analyst. Our certifications are in use as baseline credentials across ARMY Cyber throughout intelligence as well as deployed infantry. EC-Council is proud to work with various groups in the ARMY to support the Mission of ARMY Cyber.
Certifications recognized, accepted, and often funded by the US ARMY include:
Funding opportunities for career advancement are available for Active Duty ARMY personnel through the ARMY COOL program.
US ARMY approves EC-Council Certifications across 15 Occupations
- Cryptologic Cyberspace Intelligence Collector – Analyst
- CYBER Operations Technician
- Information Protection Technician
- Military Intelligence (MI) Systems Maintainer/Integrator
- Senior Network Operations Technician
- Cryptologic Cyberspace Intelligence Collector – Analyst
- CYBER Operations Technician
- Information Protection Technician
- Military Intelligence (MI) Systems Maintainer/Integrator
- Senior Network Operations Technician
- Counterintelligence Agent
- Cyber Operations Specialist
- Infantryman
- Information Technology Specialist
- Nodal Network Systems Operator-Maintainer
To get more information or still have questions:
EC-Council Cyber Security Certifications and the Marine Corps
Five EC-Council Certifications are recognized by the United States Marine Corps in 79 Cyber Security Job roles, across 17 occupations. Ranging from Cyber Security Technician, to Signals Intelligence and Electronic Warfare Operator, to Cyber Security Chief.
Certifications recognized, accepted, and often funded by the US Marine Corps include:
Funding opportunities for career advancement are available for Active Duty MARINE CORPS personnel through the Marine COOL program.
US Marine Corps approves EC-Council Certifications across 15 Occupations
To get more information or still have questions:
EC-Council Cyber Security Certifications and the US Air Force
Four EC-Council Certifications are recognized by the United States Air Force in 150 Cyber Security Job roles, across 8 occupations. Occupations are recognized in fields like; Cyber Transport Systems, Intelligence, and Cyber Warfare Operations.
Certifications recognized, accepted, and often funded by the US AIR FORCE include:
Funding opportunities for career advancement are available for Active Duty AIR FORCE personnel through the AIR FORCE COOL program.
To get more information or still have questions:
Qualifying Chapter 31 (VR&E) United States Veterans may use their benefits to quickly study and attempt industry certifications and career training.
Please click the “Contact Us” button below and enter “GI Bill” in the “Your Question” box. An EC-Council representative will contact you with more information regarding how we can support you.
To get more information or still have questions:
- Cyber Security Forensic Analyst
- Cyber Threat Analyst Tier 2
- Cyber Threat Intelligence Analyst
- Information Security Analyst
- Cyber Security Engineer
- Application Security Analyst II
- Cyber Security Assurance Engineer
- Senior Information Assurance/ Security Specialist
- Security Systems Analyst
- Security Operations Center (SOC) Analyst
What’s New
- Maps to NICE 2.0 Framework
- All New Module for Social Engineering Pen Testing
- Blended with both manual and automated penetration testing approach
- Increased Focus on Methodologies
- Presents a comprehensive scoping and engagement methodology
- Provides strong reporting writing guidance to draft valuable and comprehensive penetration report.
- Hands-on labs demonstrating practical and realtime experience on each of area of penetration testing
- Provides standard templates that are required during penetration test
- Designed based on the most common penetration testing services provided by the penetration testing service providers and consulting firms in the market including:
- Network Penetration Testing
- Web Application Penetration Testing
- Social Engineering Penetration Testing
- Wireless Penetration Testing
- Cloud Penetration Testing
- Database Penetration Testing
Add the Mobile Security Tool Kit to Your Training
For the past several years we have offered our training on a mobile device so that you can take your training with you and eliminate the need to stream the videos. This device is the next generation mobile device. This is a fully loaded pen test tool kit comes equipped with a custom Linux Hacking OS and, wait for it… we can load your course (or 2) onto the device. In the sage words of Ray Bradbury, “Something Wicked This Way Comes.”
Buy Self-Paced Training:
