Duration: 5 days
Time: 9am to 5pm

What Will Be Taught For This Security Analyst Course?

The ECSA program offers a seamless learning progress continuing where the CEH program left off.

The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-bystep penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.

It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted.

Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.

Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.

Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks.

This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.

In the new ECSAv10 course, students that passes the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential.

This new credential allows employers to validate easily the skills of the student.

Module 00: Penetration Testing Essential Concepts

  • Computer Network Fundamentals
  • TCP/IP protocol suite
  • IP Addressing and port numbers
  • Network Terminology
  • Network Security Controls
  • Network Security Devices
  • Network File System (NFS)
  • Windows Security
  • Unix/Linux Security
  • Virtualization
  • Web Server
  • Web Application
  • Web Markup and Programming Languages
  • Application Development Frameworks and their Vulnerabilities
  • Web API’s
  • Web Sub Components
  • Web Application Security Mechanisms
  • Working of Most Common Information Security Attacks
  • Information Security Standards, Laws and Acts

Module 01: Introduction to Penetration Testing and Methodologies

  • What is Penetration Testing?
  • Benefits of Conducting a Penetration Test
  • ROI for Penetration Testing
  • How Penetration Testing Differs from Ethical Hacking?
  • Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
  • Types of Penetration Testing
  • Penetration Testing: Cost and Comprehensiveness
  • Selecting an Appropriate Testing Type
  • Different Ways of Penetration Testing
  • Selecting the Appropriate Way of Penetration Testing
  • Common Areas of Penetration Testing
  • Penetration Testing Process
  • Penetration Testing Phases
  • Penetration Testing Methodologies
  • Need for a Methodology
  • LPT Penetration Testing Methodology
  • Penetration Testing Essentials

Module 02: Penetration Testing Scoping and Engagement Methodology

  • Penetration Testing: Pre-engagement Activities
  • Pre-engagement Activities
  • Request for Proposal (RFP)
  • Preparing Response Requirements for Proposal Submission
  • Setting the Rules of Engagement (ROE)
  • Establishing communication lines: Identify the Details of the Key Contact
  • Timeline
  • Time/Location
  • Frequency of meetings
  • Time of Day
  • Identify who can help you?
  • ROE Document
  • Handling Legal Issues in Penetration Testing Engagement
  • Penetration Testing Contract
  • Preparing for Test
  • Handling Scope Creeping during pen test

Module 03: Open-Source Intelligence (OSINT) Methodology

  • OSINT Gathering Steps
  • OSINT Through World Wide Web(WWW)
  • OSINT through Website Analysis
  • OSINT Through DNS Interrogation
  • Automating your OSINT Effort Using Tools/Frameworks/Scripts

Module 04: Social Engineering Penetration Testing Methodology

  • Social Engineering Penetration Testing
  • Skills Required to Perform Social Engineering Pen Test
  • Common Targets of Social Engineering Pen Test
  • Do Remember: Before Social Engineering Pen Test
  • Black Box or White Box?
  • Social Engineering Penetration Testing Steps
  • Social Engineering Penetration testing using E-mail Attack Vector
  • Social Engineering Penetration testing using Telephone Attack Vector
  • Social Engineering Penetration testing using Physical Attack Vector

Module 05: Network Penetration Testing Methodology - External

  • Network Penetration Testing
  • External vs. Internal Penetration Testing
  • External Network Penetration Testing
  • Internal Network Penetration Testing
  • Network Penetration Testing Process
  • White, Black or Grey-box Network Penetration Testing?
  • External Network Penetration Testing Steps
  • Port Scanning
  • OS and Service Fingerprinting
  • Vulnerability Research
  • Exploit Verification

Module 06: Network Penetration Testing Methodology - Internal

  • Internal Network Penetration Testing
  • Why Internal Network Penetration Testing?
  • Internal Network Penetration Testing Steps
  • Footprinting
  • Network Scanning
  • OS and Service Fingerprinting
  • Enumeration
  • Vulnerability Assessment
  • Windows Exploitation
  • Unix/Linux Exploitation
  • Other Internal Network Exploitation Techniques
  • Automating Internal Network Penetration Test Effort
  • Post Exploitation

Module 07: Network Penetration Testing Methodology - Perimeter Devices

  • Steps for Firewall Penetration Testing
  • Steps for IDS Penetration Testing
  • Steps for Router Penetration Testing
  • Steps for Switch Penetration Testing
  • Assessing Firewall Security Implementation
  • Assessing IDS Security Implementation
  • Assessing Security of Routers
  • Assessing Security of Switches

Module 08: Web Application Penetration Testing Methodology

  • White Box or Black Box?
  • Web Application Penetration Testing
  • Web Application Security Frame
  • Security Frame vs. Vulnerabilities vs. Attacks
  • Web Application Penetration Testing Steps
  • Discover Web Application Default Content
  • Discover Web Application Hidden Content
  • Tests for Security Misconfiguration Vulnerabilities
  • Tests for Broken Authentication and Authorization Vulnerabilities
  • Tests for Broken Session Management Vulnerabilities
  • Tests for Web Server Vulnerabilities

Module 09: Database Penetration Testing Methodology

  • Database Penetration Testing Steps
  • Information Reconnaissance
  • Database Enumeration: Oracle
  • Database Enumeration: MS SQL Server
  • Database Enumeration: MySQL
  • Vulnerability and Exploit Research
  • Database Exploitation: Oracle
  • Database Exploitation: MS SQL SERVER
  • Database Exploitation: MySQL

Module 10: Wireless Penetration Testing Methodology

  • Wireless Penetration Testing
  • WLAN Penetration Testing Steps
  • RFID Penetration Testing Steps
  • NFC Penetration Testing Steps
  • Mobile Device Penetration Testing Steps
  • IoT Penetration Testing Steps
  • Wireless Local Area Network (WLAN) Penetration Testing
  • RFID Penetration Testing
  • NFC Penetration Testing
  • Mobile Device Penetration Testing
  • IoT Penetration Testing

Module 11: Cloud Penetration Testing Methodology

  • Distribution of Public Cloud Services: AWS, Azure, Google Clouds Are on TOP Among Others
  • Cloud Computing Security and Concerns
  • Security Risks Involved in Cloud Computing
  • Role of Penetration Testing in Cloud Computing
  • Do Remember: Cloud Penetration Testing
  • Scope of Cloud Pen Testing
  • Cloud Penetration Limitations
  • Cloud Specific Penetration Testing
  • Cloud Reconnaissance
  • Identify the Type of Cloud to be Tested
  • Identify What to be Tested in Cloud Environment
  • Identify the Tools for Penetration Test
  • Identify What Allowed to be Tested in Cloud Environment
  • Identify Which Tests are Prohibited
  • AWS’s Provision for Penetration Testing
  • Azure’s Provision for Penetration Testing
  • Google Cloud’s Provision for Penetration Testing
  • Identify Date and Time for Penetration Test
  • Cloud Specific Penetration Testing
  • Recommendations for Cloud Testing

Module 12: Report Writing and Post Testing Actions

  • Penetration Testing Deliverables
  • Goal of the Penetration Testing Report
  • Types of Pen Test Reports
  • Characteristics of a Good Pen Testing Report
  • Writing the Final Report
  • Document Properties/Version History
  • Table of Contents/Final Report
  • Summary of Execution
  • Scope of the Project
  • Evaluation Purpose/System Description
  • Assumptions/Timeline
  • Summary of Evaluation, Findings, and Recommendations
  • Methodologies
  • Planning
  • Exploitation
  • Reporting
  • Comprehensive Technical Report
  • Result Analysis
  • Recommendations
  • Appendices
  • Sample Appendix
  • Penetration Testing Report Analysis
  • Report on Penetration Testing
  • Pen Test Team Meeting
  • Research Analysis
  • Pen Test Findings
  • Rating Findings
  • Analyze
  • Prioritize Recommendations
  • Delivering Penetration Testing Report
  • Cleanup and Restoration
  • Report Retention
  • Sign-off Document Template
  • Post-testing Actions for Organizations

Who Should Attend This Security Analyst Course

  • Ethical Hackers
  • Penetration Testers
  • Security Analysts
  • Security Engineers
  • Network Server Administrators
  • Security Testers
  • System Administrators
  • Risk Assessment Professionals

Pre-requisite

While the Certified Ethical Hacker (CEH) certification is not a prerequisite for the ECSA course, we strongly advise candidates to take the Certified Ethical Hacker course to attain the CEH prior to the commencement of the ECSA course.

  w/o GST w GST
Course Fee $3,000 $3,210

Exam:

Course fees listed above are inclusive of exam fees.

  w/o GST w GST
Retest Fee
$300 $321

Remarks:

COMAT is a business centre of e-Services, Electronics, ST Engineering.

Terms & Conditions

  • All prices stated above are in Singapore Dollars (SGD).
  • e-Services, Electronics, ST Engineering reserves the right to change the date or venue without prior notice.
  • e-Services, Electronics, ST Engineering reserves the right to cancel or reschedule the course due to class size or unforeseen circumstances.



Please click on the course date to enrol.