EC-Council Security Analyst & Licensed Penetration Tester Course

• ECSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field.
• Greater industry acceptance as seasoned security professional.
• Learn to analyze the outcomes from using security tools and security testing techniques.


Pass exam 412-79 to achieve EC-Council Certified Security Analyst (ECSA) certification.

Topics covered on the 5 day EC-Council Security Analyst & Licensed Penetration Tester course

Penetration Testing Methodologies

• Understand how to structure and organize security tests
• Understand the five stages of a common penetration test attack methodology
• Analyze the tactical application of each phase
• The Open Source Security Testing Methodology Manual (OSSTMM)
• The NIST Methodology
• Learn about malicious hackers methodologies

Test Planning and Scheduling

• Estimation of Resources for the Test
• Defining the test scope
• Technical Preparation
• Rules of Engagement
• Defined Roles of the Involved Personnel
• Reporting

Information Gathering

• Demonstrate understanding of the field of Competitive Intelligence
• Develop skills involved in competitive intelligence gathering
• Demonstrate understanding of Informational Vulnerabilities in depth
• Engage in Passive network discovery techniques
• Information vulnerability and source of information
• Information gathering types
• Information gathering applications
• Controls to protect information

Advanced Vulnerability Analysis Penetration Testing

• Understand the three most common present vulnerability types
• TCP overview
• Traceroute and TCPTraceroute
• Tools to probe protocols
• Identifying targets through sweeping
• Evaluating services through scanning
• Advanced OS fingerprinting techniques
• Proxy Servers
• Sniffing
• Phone Phreakers
• Countermeasures

Advanced Denial of Service (DoS) Penetration Testing

• Describe the components of a DoS attack
• Identify the harm caused to the target system
• Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack
• Outline the necessary steps to test a system’s strength against a DoS attack
• Gathering and documenting the results

Advanced Password Cracking Penetration Testing

• Demonstrate understanding how passwords work in common operating systems
• Demonstrate knowledge of Linux/Unix authentication mechanisms
• Demonstrate knowledge of how distributed password cracking works
• Demonstrate ability to test strength of authentication mechanisms using password cracking
• Use common tools to crack Windows and Linux Passwords

Advanced Social Engineering Penetration Testing

• Describe what Social Engineering is
• Define the techniques used to execute Social Engineering
• Social Engineering Rules of engagement
• Security Policies
• Gather and document the test results

Advanced Internal Penetration Testing

• Appraise a typical network environment
• Outline the steps of the assessment
• Describe the tools used for internal testing
• Viruses and Containment Testing
• Define impact and points of consideration of Viruses on security testing and analysis
• Explain how vulnerabilities are discovered
• Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
• Learn operating system specific tools and techniques
• Employ Automated Vulnerability Scanners
• Employing Exploitation for verification of Vulnerabilities: Owning the Box
• Understand the specifics of common classes of System Vulnerabilities
• Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
• Demonstrate ability to employ Shellcode within exploits
• Gather and document the test results

Advanced External Penetration Testing

• Describe the goals of external testing
• Evaluate the potential attacks from outside of a security perimeter
• Understand the impact of web applications on Perimeter Security
• Anatomy of a remote exploit
• Common Attacks
• Examine the methodology of external penetration testing
• Demonstrate the tools used for external penetration testing
• Gather and document the results

Advanced Router Penetration Testing

• Overview of routing technologies
• Demonstrate knowledge of vulnerabilities in Routers
• Demonstrate knowledge of vulnerabilities in various network devices
• The potential for router exploitation
• Analysis of router vulnerabilities and attacks
• Tools used for testing
• Gathering and documenting the results

Advanced Firewall Penetration Testing

• Introduction to firewalls
• Technical overview of firewall systems
• Vulnerability analysis of firewalls
• Penetration testing steps
• Tools used for testing firewalls
• Gathering and documenting the results

Advanced Intrusion Detection Systems (IDS) Penetration Testing

• IDS overview
• IDS analysis challenges
• Penetration testing techniques
• Tools used for IDS testing and countermeasures
• Gathering and documenting test results

Advanced Wireless Penetration Testing

• Learn about Wireless Technologies
• Understand the problems with WLAN security
• Examine the tools used for Wireless Networks Testing
• Examine Countermeasures

Advanced Application Penetration

• Identify types of common applications
• Outline the technology of the applications
• Detect the vulnerabilities in the applications
• Examine the techniques of penetration testing
• Describe the tools employed in testing the applications
• Discover and analyze Web Application System Vulnerabilities
• Document the results of the testing

Advanced Physical Security Penetration

• Identify the goal of physical security
• Recognize the potential vulnerabilities of an organization with poor physical security
• Analyze the potential attacks against the physical environment
• Intrusion Detection systems
• Types of locks and their features
• Point out recommended safeguards to these attacks
• Document the test results

Reporting and Documentation

• Learn the basics of report writing
• Understand the requirements of the report
• Review different report writing options
• Outline reporting tips
• Describe the reporting consultation