EC-Council Certified Security Analyst v10
ECSA Course Overview
EC-Council’s ECSA Certification Training has been designed to provide a real-world, hands-on penetration testing experience, and to help the individuals in taking the ESCA theory and ECSA Practical exam confidently. Since ECSA is an extension of CEH Certification, our Certified Security Analyst Certification training also aims to enhance the advanced security skills, which will help the individuals to analyze the outcome of hacking tools and technologies. Some of the key features of this training course are:
- The official EC-Council curriculum is followed.
- Experienced trainers to offer clear insight into the theory and practical course.
- Multiple training options (Bootcamp, online, onsite, etc.) available.
New version Certified Penetration Testing Professional – CPENT is now available.
Why take ECSA?
1. Maps to NICE 2.0 Framework
ECSAv10 maps to NICE framework’s Analyze (AN) and Collect and Operate (CO) specialty area
2. ALL NEW Module for Social Engineering Pen Testing
The ECSA curriculum presents a comprehensive Social Engineering Pen Testing Methodology where others program only makes a mere reference of this. According to 2017 Verizon Data Breach Investigation Report, on an overall, 43% of the documented breaches involved social engineering attacks!
We see this as a huge gap and that is where, the ECSA program is carefully designed and developed to be comprehensive in its coverage of the pentesting domain.
3. Increased Focus on Methodologies
ECSA V10 brings an enhanced concentration on methodology for network, web application, database,
wireless, and cloud pen testing, whereas other certifications cover this superficially.
The new ECSA v10 program takes the tools you have learnt in the CEH and includes a wide-range of comprehensive scoping and engagement penetration testing methodologies that improves upon the best from ISO 27001, OSSTMM, and NIST Standards.
4. Blended with both manual and automated penetration testing approach
There are many numbers of automated pen testing tools out there in the marketplace including high-priced sophisticated tools, but they are not adequate. Most advanced tools are of little value if no one knows how to use them.
Manual penetration testing is the perfect complement to automated penetration Testing. Certain penetration test such as logic testing cannot be performed using automated tools. It requires human intervention to test against such vulnerabilities.
According to the MITRE Corporation, automated pen testing tools cover only 45% of the known vulnerability types. Hence, the remaining 55% requires manual intervention.
5. Designed based on the most common penetration testing services provided by the penetration testing service providers and consulting firms in the market including:
- Network Penetration Testing – Identify security issues in network design and implementation
- Web Application Penetration Testing – Detect security issues in web applications that exists
due to insecure design and development practices
- Social Engineering Penetration Testing – Identify employees that do not properly authenticate,
follow, validate, handle, the processes and technology
- Wireless Penetration Testing – Identify misconfigurations in organization’s wireless infrastructure including WLAN, Mobile,
- Cloud Penetration Testing – Determine security issues in organization’s cloud infrastructure
- Database Penetration Testing – Identify security issues in the configuration of database server and their instances
6. Presents a comprehensive scoping and engagement methodology
Defining scope of penetration test is arguably one of the most important components of a penetration test, yet it is also one of the most overlooked in most of the penetration testing programs. A complete module is dedicated in the course to describe the pre-engagement activities in detailed, tells how to initiate and set the scope and Rule of Engagement (RoE) for the penetration test assignment.
7. Provides strong reporting writing guidance to draft valuable and comprehensive penetration report
The report is the tangible output of the testing process, and the only real evidence that a test actually took place. Ultimately, it is the report that is sellable in penetration test assignment. If it is not well planned and drafted, the client may disagree with the findings of a test and will not justify the expense of the test. A separate module is dedicated in the course to describe the skills required to draft effective penetration test report depending upon the target audiences.
8. Hands-on labs demonstrating practical and realtime experience on each of area of penetration testing
Practical knowledge can lead to a deeper understanding of a concept through the act of doing. The course is also aiming to provide practical experience through handson labs on thorough penetration testing process from scoping and engagement to report writing The student will get a direct experience by working on these hands-on labs.
9. Provides standard templates that are required during penetration test
The course is bundled with the bunch of standard templates that are necessary which helps students during scoping and engagement process well as collecting and reporting test results. No other program offers a set of comprehensive penetration templates like the ECSA!
The Purpose of the ECSA Certification Course?
The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.
The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology.
- Focuses on pentesting methodology with an emphasis on hands-on learning
- The exam will now have a prerequisite of submitting a pentesting report
- The goal of these changes is to make passing ECSA more difficult; therefore, making it a more
You should have the following experience before attending this course:
- A minimum of one years experience managing Windows/Unix/Linux systems
- An understanding of common network and security services
Learning Objectives for ECSA v10 Training Course
The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and enhances your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology. It focuses on pentesting methodology with an emphasis on hands-on learning
Upon Completion of this Course, you will accomplish following:
- Introduction to Penetration Testing
- Penetration Testing Scoping and Engagement Methodology
- Open Source Intelligence (OSINT) Methodology
- Social Engineering Penetration Testing Methodology
- Network Penetration Testing Methodology -External, Internal & Perimeter Devices
- Web Application Penetration Testing Methodology
- Database Penetration Testing Methodology
- Wireless Penetration Testing Methodology
- Cloud Penetration Testing Methodology
- Report Writing and Post Testing Actions
The EC-Council Certified Security Analyst (ECSA v10) training and certification course is a continuation of CEH program .The updated 10th versions of ECSAv10 includes updated curriculum matching the industry progress and similar step-by-step penetration testing methodology. The ECSA follows a set of methodologies which covers the pentesting requirements across various verticals.
In the new EC-Council Certified Security Analyst (ECSA v10) training course the regular exam is followed by an option to write a practical exam to test the skills acquired earning the ECSA (Practical) credential. This validates the practical skills for industry readiness.
This course covers:
Module 00: Penetration Testing Essential Concepts (Self-Study)
Module 01: Introduction to Penetration Testing and Methodologies
Module 02: Penetration Testing Scoping and Engagement Methodology
Module 03: Open-Source Intelligence (OSINT) Methodology
Module 04: Social Engineering Penetration Testing Methodology
Module 05: Network Penetration Testing Methodology – External
Module 06: Network Penetration Testing Methodology – Internal
Module 07: Network Penetration Testing Methodology – Perimeter Devices
Module 08: Web Application Penetration Testing Methodology
Module 09: Database Penetration Testing Methodology
Module 10: Wireless Penetration Testing Methodology
Module 11: Cloud Penetration Testing Methodology
Module 12: Report Writing and Post Testing Actions
|Exam Codes||412-79 (ECC EXAM)|
|Number of Questions||150 questions per exam|
|Type of Questions||Multiple choice|
|Length of Test||4 Hours / 240 Minutes|
|Testing Provider||ECC EXAM PORTAL|
EC-Council Certified Security Specialist v9
EC-Council Certified Encryption Specialist v2
EC-Council Disaster Recovery Professional v3
EC-Council Certified Chief Information Security Officer v3
EC-Council Certified Secure Computer User v2
EC-Council Certified Incident Handler v2
EC-Council Certified Threat Intelligence Analyst v1
EC-Council Certified SOC Analyst v1
EC-Council Certified Penetration Testing Professional v1
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Certified Network Defender v2
EC-Council Certified Ethical Hacker v11
- Unit 15B Penthouse Atherton Place, Tomas Morato, Corner Don A. Roces Ave, Quezon City, 1103 Metro Manila
- +(632) 7905 8718