ECSA

  • EC-Council Certified Security Analyst

  • Duration :

What is EC-Council Certified Security Analyst –Licensed Penetration Tester Program


You are an ethical hacker. Your last name is “Pwned.” You dream about enumeration and you can scan networks in your sleep. You have expert knowledge and an arsenal of hacking tools. You know how to successfully attack fully patched and hardened systems and circumvent common security controls.
You may be asking yourself, “Is that enough? What’s next?”

Even though you may be able to write custom code to prevent exploits, what you may be lacking is the knowledge and experience to execute a successful penetration test according to accepted industry standards. Do you lack the knowledge to correctly apply ethical hacking tools while effectively conducting a security analysis of your organization’s network infrastructure?
The EC-Council Certified Security Analyst/Licensed Penetration Tester program consists of two components i.e. EC-Council Certified Security Analyst (ECSA) training and Licensed Penetration Tester (LPT) performance-based skill assessment.

How is EC-Council Security Analyst (ECSA) Program Different From The Licensed Penetration Testing (LPT) Program?


The EC-Council Certified Security Analyst (ECSA) program teaches various penetration testing and security auditing methodologies. Licensed Penetration Tester (LPT) program teaches the report writing skills of the professional pen tester. The LPT program was also designed to evaluate the student’s capabilities of performing penetration tests in real- time scenarios on an active cyber range.

How Many Certificates will I Get?


The ECSA/LPT program awards two certificates to successful candidates. The ECSA certificate is provided on successfully passing the online ECSA exam and LPT credentials are provided upon meeting the requirements stated in LPT application form.

What is the ECSA/LPT Program Flow?


Screen Shot 2015-12-27 at 2.17.49 PM

Do I have to be CEH to Attempt the ECSA Certification.


No. While the Certified Ethical Hacker (CEH) certification is not a prerequisite for the ECSA course, we strongly advise candidates to attain the CEH prior to the commencement of the ECSA course.

Can I take ECSA Training Only and Skip the Licensed Pentration Tester training and certification?


Yes. However, we strongly recommend candidates to pursue the Licensed Penetration Tester certification as it can be a major milestone in your career and establish you as a penetration tester and Information Security Auditor.

What is the EC-Council Security Analyst Program


The ECSA Program is a 5-day complete hands-on training program. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies.
EC-Council’s Certified Security Analyst (ECSA) course will help you master a documented penetration testing methodology that is repeatable and that can be used in a penetration testing engagement, globally.

The ECSA Lab Environment


The ECSA course is a fully hands-on program. The exercises cover real world scenario. By practicing the skills that are provided to you in the ECSA class, we are able to bring candidates up to speed with the latest threats that organizations may be vulnerable to.
This can be achieved with the EC-Council iLabs cyber range. It allows students to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection. Our simplistic web portal enables the student to launch an entire range of target machines and access them 24×7 remotely with one simple click. It is the most cost effective, easy to use, live range lab solution available.
With iLabs, lab exercises can be accessed 24×7 allowing the student to practice skills in a safe, fully functional network anytime it’s convenient. Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials as well as our state-of-the-art “Open Environment” allowing students to launch a complete Live range open for any form of hacking or testing.Available target machines are completely virtualized allowing us to control and reset machines quickly and easily with no required instructor or administrative interaction.

Target Audience


Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program.

Benefits of Becoming ECSA
Data Security Program – Advanced Penetration Testing

  • The ECSA is for experienced professionals in the industry and is backed by a curriculum designed by the best in the field.
  • Students earn greater industry acceptance as seasoned security professionals.
  • ECSAs learn to analyze the outcomes of security tools and security testing techniques.
  • The ECSA sets students on the path toward achieving the LPT certification.

What is the Outline of ECSA

Core Modules

  • NeedforSecurityAnalysis
  • TCPIPPacketAnalysis
  • PenetrationTestingMethodologies
  • Customers and Legal Agreements
  • Rules of Engagement
  • PenetrationTestingPlanningandScheduling
  • Pre-penetrationTestingSteps
  • InformationGathering
  • VulnerabilityAnalysis
  • External Penetration Testing
  • Internal Network Penetration Testing
  • Firewall Penetration Testing
  • IDS Penetration Testing
  • Password Cracking Penetration Testing
  • Social Engineering Penetration Testing
  • Web Application Penetration Testing
  • SQL Penetration Testing
  • Penetration Testing Reports and Post Testing Actions

Self-study Modules

  • Router and Switches Penetration Testing
  • Wireless Network Penetration Testing
  • Denial-of-ServicePenetrationTesting
  • Stolen Laptop, PDAs and Cell Phones Penetration Testing
  • SourceCodePenetrationTesting
  • PhysicalSecurityPenetrationTesting
  • SurveillanceCameraPenetrationTesting
  • DatabasePenetrationTesting
  • VoIP Penetration Testing
  • VPN Penetration Testing
  • CloudPenetrationTesting
  • Virtual Machine Penetration Testing
  • War Dialing
  • Virus and Trojan Detection
  • LogManagementPenetrationTesting
  • FileIntegrityChecking
  • Mobile Devices Penetration Testing
  • Telecommunicationand
  • Communication Penetration Testing
  • Email Security Penetration Testing
  • Security Patches Penetration Testing
  • DataLeakagePenetrationTesting
  • SAPPenetrationTesting
  • Standards and Compliance
  • InformationSystemSecurityPrinciples
  • InformationSystemIncidentHandlingandResponse
  • InformationSystemAuditingandCertification

ECSA v8 Exam Information

  • Credit Towards Certification: ECSA v8
  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: Multiple Choice
  • Test Delivery: Prometric Online Web site

How to Become ECSA?

Pass the required ECSA exam to obtain the ECSA certificate.

Screen Shot 2015-12-27 at 2.32.41 PM

Where can I Attend Training?

Screen Shot 2015-12-27 at 2.40.09 PM

Job Roles for ECSA

  • Perform network and application penetration testing using both automated and manual techniques
  • Design and perform audits of computer systems to ensure they are operating securely and that data is protected from both internal and external threats
  • Assess system-wide security statuses
  • Design and recommend security policies and procedures
  • Ensure compliance to policies and procedures
  • Evaluate highly complex security systems according to industry best practices to
    safeguard internal information systems and databases
  • Lead investigations of security violations and breaches and recommend solutions, prepare
    reports on intrusions as necessary, and provide an analysis summary for management
  • Respond to complex requests for information security information from both internal and
    external customers

Why EC-Council Security Analyst is Best


  • Presents industry accepted comprehensive pen testing standards on 44 domains
  • Covers advanced topics such as Mobile, Cloud, and Virtual Machine pen testing
  • Maps to NICE’s Protect and Defend, Operate and Collect, and Analyze Specialty Area Category
  • Covers all the requirements of National Information Assurance Training Standard For
    Information Systems Security Officers (CNSS – 4014) and National Training Standard for System Certifiers (NSTISSI – 4015)