EC-Council Certified Security Analyst (ECSA)

Course Description

The ECSA certification is an advanced ethical hacking training certification that complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. The ECSA penetration testing course provides you with a real-world, hands-on penetration testing experience. It is a globally accepted hacking and penetration testing class that covers the testing of modern infrastructures, operating systems and application environments, and teaches students how to document and write a penetration testing report.

Audience Profile

  • Ethical Hackers
  • Penetration Testers
  • Network Server Administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment Professionals

Learning Objectives

ECSA (Practical) is a 12-hour, rigorous practical exam built to test your penetration testing skills.

ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.

Candidates are required to demonstrate the application of the penetration testing methodology presented in the ECSA program and to perform a comprehensive security audit of an organization, just like in the real world. You will start with challenges requiring you to perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch, and post-exploitation maneuvers.

The ECSA (Practical) tests your ability to perform threat and exploit research, understand exploits in the wild, write your own exploits, customize payloads, and make critical decisions at different phases of a pen testing engagement that can make or break the whole assessment. You will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.

Course Outline

Module 00: Penetration Testing Essential Concepts (Self-Study)

Module 01: Introduction to Penetration Testing and Methodologies

Module 02: Penetration Testing Scoping and Engagement Methodology

Module 03: Open-Source Intelligence (OSINT) Methodology

Module 04: Social Engineering Penetration Testing Methodology

Module 05: Network Penetration Testing Methodology – External

Module 06: Network Penetration Testing Methodology – Internal

Module 07: Network Penetration Testing Methodology – Perimeter Devices

Module 08: Web Application Penetration Testing Methodology

Module 09: Database Penetration Testing Methodology

Module 10: Wireless Penetration Testing Methodology

Module 11: Cloud Penetration Testing Methodology

Module 12: Report Writing and Post Testing Actions
