-
What You Will Learn
This certification preparation program for the EC-Council Certified Security Analyst/Licensed Penetration Tester program consists of two components i.e. EC-Council Certified Security Analyst (ECSA) training and Licensed Penetration Tester (LPT) performance-based skill assessment. The EC–Council Security Analyst (ECSA) program is a comprehensive, standards-based, methodology intensive training program which teaches information security professionals to conduct real life penetration tests by utilizing EC-Council’s published penetration testing methodology.
The EC-Council Certified Security Analyst (ECSA) program teaches various penetration testing and security auditing methodologies. Licensed Penetration Tester (LPT) program teaches the report writing skills of the professional pen tester. The LPT program was also designed to evaluate the student’s capabilities of performing penetration tests in real-time scenarios on an active cyber range. The ECSA/LPT program awards two certificates to successful candidates. The ECSA certificate is provided on successfully passing the online ECSA exam and LPT credentials are provided upon meeting the requirements stated in LPT application form.
-
Course Details
Course Duration
12 weeks, 15 hours a week
Credit to be Awarded
Licensed Penetration Tester (LPT) Certification
Learning method
“Blended”
-
Prequisites
General Requirement
Students must be 18 years of age, possess a high school diploma, or General Equivalency Diploma (GED), or Home School Diploma.
EC-Council Organization Certification Recommendations/ Prerequisites
To be eligible to apply for the ECSA exam, students must either attend an official training class (from an Authorized Training Provider) OR have at least two years of information security related experience. To be eligible to apply for the LPT (Master) Exam, students must either be an ECSA member in good standing, have a minimum of 2 years working experience in penetration testing, or have any other approved industry certifications such as OSCP or GPEN certification.
Students who complete an Advanced Business Learning EC-Council program are automatically eligible to sit for the certification exam due to their Authorized Training Provider status.
EC-Council Organization Certification Exam Requirements
To be certified for ECSA, students must pass the certification exam with a minimum score of 70% or higher during the allotted 4-hour period to complete the 150-question exam. For the LPT certification, students must successfully complete the 5-day iLabs penetration test exam.
-
Outline
- Hardware Fundamentals, Operational Procedures, Peripheral Components
- Peripheral Components, Managing System Components, Installing and Configuring Operating Systems
- Customized Client Environments, Networking Technologies, Installing/Configuring/Maintaining SOHO Networks
- Supporting Laptops, Mobile Computing, Supporting Printers
- Security, Troubleshooting Hardware Components, Troubleshooting System-Wide Issues
-
Module Group 1
Need for Security Analysis, TCP/IP Packet Analysis, Penetration Testing Methodologies, and Customers and Legal Agreements
- Topic A: Computer Security Concerns
- Topic B: Information Security Measures
- Topic C: Risk Analysis
- Topic D: Introduction to TCP/IP
- Topic E: TCP/IP Connection
- Topic F: TCP/IP Security
- Topic G: Internet Control Message Protocol (ICMP)
- Topic H: Introduction to Penetration Testing
- Topic I: Types of Penetration Testing
- Topic J: Phases of Penetration Testing
- Topic K: Penetration Testing Consultants
- Topic L: Ethics of a Licensed Penetration Tester
- Topic M: Communication Skills of a Penetration Tester
- Topic N: Why Do Organizations Need Pen Testing?
- Topic O: Penetration Testing ‘Rules of Behavior’
- Topic P: Legal Issues in Penetration Testing
- Topic Q: Penetration Testing Contract
- Topic R: How Much to Charge?
-
Module Group 2
Rules of Engagement, Penetration Testing Planning and Scheduling, Pre-Penetration Testing Steps, and Information Gathering
- Topic A: Rules of Engagement (ROE)
- Topic B: Steps for Framing ROE
- Topic C: Clauses in ROE
- Topic D: Test Plan and Its Purpose
- Topic E: Content of a Test Plan
- Topic F: Building a Penetration Test Plan
- Topic G: Test Plan Identifier
- Topic H: Test Deliverables
- Topic A: Rules of Engagement (ROE)
- Topic B: Steps for Framing ROE
- Topic C: Clauses in ROE
- Topic D: Test Plan and Its Purpose
- Topic E: Content of a Test Plan
- Topic F: Building a Penetration Test Plan
- Topic G: Test Plan Identifier
- Topic H: Test Deliverables
-
Module Group 3
Vulnerability Analysis, External Penetration Testing, and Internal Network Penetration Testing
- Topic A: What Is Vulnerability Assessment?
- Topic B: Vulnerability Classification
- Topic C: Types of Vulnerability Assessment
- Topic D: How to Conduct a Vulnerability Assessment
- Topic E: How to Obtain a High Quality Vulnerability Assessment
- Topic F: Vulnerability Assessment Phases
- Topic G: Vulnerability Analysis Stages
- Topic H: Comparing Approaches to Vulnerability Assessment
- Topic I: Characteristics of a Good Vulnerability Assessment Solution
- Topic J: Vulnerability Report Model
- Topic K: Types of Vulnerability Assessment Tools
- Topic L: Vulnerability Assessment Tools
- Topic M: Vulnerability Analysis Chart
- Topic N: External Intrusion Test and Analysis
- Topic O: External Penetration Testing
- Topic P: Steps for Conducting External Penetration Testing
- Topic Q: Recommendations to Protect Your System from External Threats
- Topic R: Internal Testing
- Topic S: Steps for Internal Network Penetration Testing
- Topic T: Recommendations for Internal Network Penetration Testing+
-
Module Group 4
Firewall Penetration Testing, IDS Penetration Testing, Password Cracking Penetration Testing, Social Engineering Penetration Testing
- Topic A: What Is a Firewall?
- Topic B: How Does a Firewall Work?
- Topic C: Firewall Logging Functionality
- Topic D: Build a Firewall Ruleset
- Topic E: Maintenance and Management of Firewall
- Topic F: Firewall Penetration Testing Tools
- Topic G: Best Practices for Firewall Configuration
- Topic H: Steps for Conducting Firewall Penetration Testing
- Topic I: Introduction to IDS
- Topic J: Multi-Layer Intrusion Detection Systems & Benefits
- Topic K: Wireless Intrusion Detection Systems (WIDSs)
- Topic L: Common Techniques Used to Evade IDS Systems
- Topic M: IDS Penetration Testing Steps
- Topic N: Recommendations for IDS Penetration Testing
- Topic O: Password – Terminology
- Topic P: Password Types
- Topic Q: Common Password Vulnerabilities
- Topic R: Password Cracking Techniques
- Topic S: Types of Password Attacks
- Topic T: Steps for Password Cracking Penetration Testing
- Topic U: What Is Social Engineering?
- Topic V: Social Engineering Pen Testing
- Topic W: Impact of Social Engineering on the Organization
- Topic X: Requirements of Social Engineering
- Topic Y: Steps in Conducting Social Engineering Penetration Test
-
Module Group 5
Web Application Penetration Testing, SQL Penetration Testing, and Penetration Testing Reports and Post Testing Actions
- Topic A: Introduction to Web Applications
- Topic B: Web Application Components
- Topic C: Web App Pen Testing Phases
- Topic D: Introduction to SQL Injection
- Topic E: How Do Web Applications Work?
- Topic F: How Does SQL Injection Work?
- Topic G: SQL Injection Attack Paths
- Topic H: Impact of SQL Injection Attacks
- Topic I: Types of SQL Injection Attacks
- Topic J: SQL Injection Attack Characters
- Topic K: SQL Injection Cheat Sheet
- Topic L: SQL Injection Penetration Testing Steps
- Topic M: Best Practices to Prevent SQL Injection
- Topic N: Penetration Testing Deliverables
- Topic O: Writing Pen Testing Report
- Topic P: Pen Testing Report Format
- Topic Q: Result Analysis
- Topic R: Post Testing Actions
- Topic S: Report Retention
