Hackers are here. Where are you?




What is EC-Council Certified Security Analyst Licensed Penetration Tester Program

You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep. You have expert knowledge and an arsenal of hacking tools. You know how to successfully attack fully patched and hardened systems and circumvent common security controls. You may be asking yourself, "Is that enough? What's next?"

Even though you may be able to write custom code to prevent exploits, what you may be lacking is the knowledge and experience to execute a successful penetration test according to accepted industry standards. Do you lack the knowledge to correctly apply ethical hacking tools while effectively conducting a security analysis of your organization's network infrastructure?

The EC-Council Certified Security Analyst/Licensed Penetration Tester program consists of two components, i.e. EC-Council Certified Security Analyst (ECSA) training and Licensed Penetration Tester (LPT) performance-based skill assessment. The EC-Council Security Analyst (ECSA) program is a comprehensive, standards-based, methodology-intensive training program which teaches information security professionals to conduct real-life penetration tests by utilizing EC-Council's published penetration testing methodology.

How is EC-Council Security Analyst (ECSA) Program Different From The Licensed Penetration Testing (LPT) Program?

The EC-Council Certified Security Analyst (ECSA) program teaches various penetration testing and security auditing methodologies. The Licensed Penetration Tester (LPT) program teaches the report writing skills of the professional pen tester. The LPT program was also designed to evaluate the student's capabilities of performing penetration tests in real-time scenarios on an active cyber range.

How Many Certificates will I Get?

The ECSA/LPT program awards two certificates to successful candidates. The ECSA certificate is provided on successfully passing the online ECSA exam, and LPT credentials are provided upon meeting the requirements stated in the LPT application form.

What is the ECSA/LPT Program Flow?

Do I have to be CEH to Attempt the ECSA Certification?

No. While the Certified Ethical Hacker (CEH) certification is not a prerequisite for the ECSA course, we strongly advise candidates to attain the CEH prior to the commencement of the ECSA course.

Can I take ECSA Training Only and Skip the Licensed Penetration Tester training and certification?

Yes. However, we strongly recommend that candidates pursue the Licensed Penetration Tester certification, as it can be a major milestone in your career and establish you as a penetration tester and Information Security Auditor.

EC-Council Certified Security Analyst (ECSA)

What is the EC-Council Security Analyst Program

The ECSA Program is a 5-day complete hands-on training program. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies. EC-Council's Certified Security Analyst (ECSA) course will help you master a documented penetration testing methodology that is repeatable and that can be used in a penetration testing engagement, globally.

The ECSA Lab Environment

The ECSA course is a fully hands-on program. The exercises cover real-world scenarios. By practicing the skills that are provided to you in the ECSA class, we are able to bring candidates up to speed with the latest threats that organizations may be vulnerable to.

This can be achieved with the EC-Council iLabs cyber range. It allows students to dynamically access a host of virtual machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection. Our simplistic web portal enables the student to launch an entire range of target machines and access them remotely with one simple click. It is the most cost effective, easy to use, live range lab solution available.

With iLabs, lab exercises can be accessed 24x7, allowing the student to practice skills in a safe, fully functional network anytime it's convenient. Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials, as well as our state-of-the-art Open Environment, allowing students to launch a complete live range open for any form of hacking or testing.

Available target machines are completely virtualized, allowing us to control and reset machines quickly and easily with no required instructor or administrative interaction.

Target Audience

Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program.

Benefits of Becoming ECSA

Data Security Program - Advanced Penetration Testing

The ECSA is for experienced professionals in the industry and is backed by a curriculum designed by the best in the field. Students earn greater industry acceptance as seasoned security professionals. ECSAs learn to analyze the outcomes of security tools and security testing techniques. The ECSA sets students on the path toward achieving the LPT certification.

What is the Outline of ECSA?

Core Modules

1. Need for Security Analysis
2. TCP IP Packet Analysis
3. Penetration Testing Methodologies
4. Customers and Legal Agreements
5. Rules of Engagement
6. Penetration Testing Planning and Scheduling
7. Pre-penetration Testing Steps
8. Information Gathering
9. Vulnerability Analysis
10. External Penetration Testing
11. Internal Network Penetration Testing
12. Firewall Penetration Testing
13. IDS Penetration Testing
14. Password Cracking Penetration Testing
15. Social Engineering Penetration Testing
16. Web Application Penetration Testing
17. SQL Penetration Testing
18. Penetration Testing Reports and Post Testing Actions

Self-Study Modules

19. Router and Switches Penetration Testing
20. Wireless Network Penetration Testing
21. Denial-of-Service Penetration Testing
22. Stolen Laptop, PDAs and Cell Phones Penetration Testing
23. Source Code Penetration Testing
24. Physical Security Penetration Testing
25. Surveillance Camera Penetration Testing
26. Database Penetration Testing
27. VoIP Penetration Testing
28. VPN Penetration Testing
29. Cloud Penetration Testing
30. Virtual Machine Penetration Testing
31. War Dialing
32. Virus and Trojan Detection
33. Log Management Penetration Testing
34. File Integrity Checking
35. Mobile Devices Penetration Testing
36. Telecommunication and Broadband Communication Penetration Testing
37. Email Security Penetration Testing
38. Security Patches Penetration Testing
39. Data Leakage Penetration Testing
40. SAP Penetration Testing
41. Standards and Compliance
42. Information System Security Principles
43. Information System Incident Handling and Response
44. Information System Auditing and Certification

ECSA v8 Exam Information

Credit Towards Certification: ECSA v8
Number of Questions: 150
Passing Score: 70%
Test Duration: 4 hours
Test Format: Multiple Choice
Test Delivery: Prometric Online Web site

How to Become ECSA?

Pass the required ECSA exam to obtain the ECSA certificate.

Where can I Attend Training?

For more information, visit the webpage http://www.eccouncil.org/training

Job Roles for ECSA

Perform network and application penetration testing using both automated and manual techniques
Design and perform audits of computer systems to ensure they are operating securely and that data is protected from both internal and external threats
Assess system-wide security statuses
Design and recommend security policies and procedures
Ensure compliance to policies and procedures
Evaluate highly complex security systems according to industry best practices to safeguard internal information systems and databases
Lead investigations of security violations and breaches and recommend solutions, prepare reports on intrusions as necessary, and provide an analysis summary for management
Respond to complex requests for information security information from both internal and external customers

Why EC-Council Security Analyst is Best

Presents industry accepted comprehensive pen testing standards on 44 domains
Covers advanced topics such as Mobile, Cloud, and Virtual Machine pen testing
Maps to NICE's Protect and Defend, Operate and Collect, and Analyze Specialty Area Category
Covers all the requirements of National Information Assurance Training Standard For Information Systems Security Officers (CNSS - 4014) and National Training Standard for System Certifiers (NSTISSI - 4015)

EC-Council's Licensed Penetration Testing (LPT) Certification

What is the Licensed Penetration Tester Program

The Licensed Penetration Tester exam is the capstone that encapsulates the entire information security track of EC-Council. While the Certified Ethical Hacker course teaches an individual which threat agents can compromise the security posture of an organization, and the EC-Council Security Analyst program provides a repeatable and documentable methodology that a security auditor can use while analyzing the security status of the organization, the Licensed Penetration Tester exam covers a completely different skill set that is needed by every penetration tester: Report Writing.

Report Writing has been described by many as one of the least preferred, yet arguably one of the most critical, parts of any penetration testing engagement. While so many courses are offered globally to cover various subjects in the information security realm, hardly any are dedicated to this very important skill, especially given that almost half of all time spent at any penetration testing engagement can revolve around writing and reporting the core findings of the engagement to the client! Explaining a highly technical finding in an elaborate penetration testing engagement to someone not technical, like the CEO of a company, the senior management or even the board of directors, can be very challenging and frustrating at times! This is exactly the science that formed the basis of the EC-Council LPT exam.

Upon completion of the ECSA course, the candidate is ready to prove their skills via a rigorous, hands-on, real-life scenario-based exam that requires the candidate to perform a penetration test of an imaginary organization which depicts a complex network of a real-life multinational corporation. This shall be conducted on EC-Council's cyber range, and the candidates then have to report the findings to EC-Council via a written report. Each participant is given merely 1 week to conduct a comprehensive penetration test and they are required to submit their findings within 30 days via a written report. Each candidate's report will be graded by an EC-Council accredited penetration tester, and upon approval of the candidate's application, the Licensed Penetration Tester credential will be awarded.

What is LPT Framework?

How Does the LPT License help me in conducting pen tests?

The LPT license provides assurance to your employer or prospective clients that you possess the ability to perform a methodological security assessment. It also helps you join the EC-Council's elite Tiger Team, which provides you a platform to showcase your skills and earn real-world pen testing experience.

How is LPT framework different from other pen testing frameworks and standards?

Unlike other proprietary pen testing frameworks that are used only within a particular organization, EC-Council's LPT framework is available to the public. The LPT framework was developed based on a thorough analysis of all the available frameworks and standards in the industry. The LPT is further bolstered by incorporating the strengths of other frameworks into one certification.

What is Tiger Team?

Tiger Team is an elite set of professionals who hold the LPT credential and engage in Penetration Testing projects worldwide. Members of Tiger Team have high chances of participating in Penetration Testing assignments worldwide. The list will be displayed on our website and will act as an endorsement of the professionals' skills and ethics.

How can I join the Tiger Team?

Selected Certified Licensed Penetration Tester professionals will be invited to join EC-Council's elite Tiger Team. Police clearance / verification / background check / legal agreements will be involved before joining the team.

How can I buy the LPT Framework?

You can access and use the LPT framework after registering for the ECSA/LPT program.

What is VampireTest?

VampireTest is a tool designed to be used by penetration testers to input penetration test data results. The program accepts various inputs and delivers a final, cohesive report of the data content.

Mercury Solutions Limited
464, Phase V Udyog Vihar Gurgaon, DELHI-NCR 122016 INDIA
Tel: +91 888 2233 777
http://www.mercury.co.in
E-mail: training@mercury.co.in