EC-Council Security Analyst v10 (ECSA)

The ECSA program offers a seamless learning progress continuing where the CEH program left off.

The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-bystep penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals. It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted.

Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re engineered the ECSA program as a progression from the former. Organizations today demand a professional level pentesting program and notjust pentesting programs that provide training on how to hack through applications and networks.

Such professional level programs can only be achieved when the core of the curricula maps with and is compliant to government and/or industry published pentesting frameworks
This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the
Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level

In the new ECSAv10 course, students that passes the knowledge exam are given an option to pursue
a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA
(Practical) credential. This new credential allows employers to validate easily the skills of the student.

Course Outline

  1. Introduction to Penetration Testing and Methodologies
  2. Penetration Testing Scoping and Engagement Methodology
  3. Open Source Intelligence (OSINT) Methodology
  4. Social Engineering Penetration Testing Methodology
  5. Network Penetration Testing Methodology – External
  6. Network Penetration Testing Methodology – Internal
  7. Network Penetration Testing Methodology – Perimeter Devices
  8. Web Application Penetration Testing Methodology
  9. Database Penetration Testing Methodology
  10. Wireless Penetration Testing Methodology
  11. Cloud Penetration Testing Methodology
  12. Report Writing and Post Testing Actions

What’s New in ECSA v10?

1. Maps to NICE 2.0 Framework

ECSAv10 maps to NICE framework’s Analyze (AN) and Collect and Operate (CO) specialty area

2. ALL NEW Module for Social Engineering Pen Testing

The ECSA curriculum presents a comprehensive Social Engineering Pen Testing Methodology where others program only makes a mere reference of this. According to 2017 Verizon Data Breach Investigation Report, on an overall, 43% of the documented breaches involved social engineering attacks!

We see this as a huge gap and that is where, the ECSA program is carefully designed and developed to be comprehensive in its coverage of the pentesting domain.

3. Increased Focus on Methodologies

ECSA V10 brings an enhanced concentration on methodology for network, web application, database, wireless, and cloud pen testing, whereas other certifications cover this superficially.

The new ECSA v10 program takes the tools you have learnt in the CEH and includes a wide-range of comprehensive scoping and engagement penetration testing methodologies that improves upon the best from ISO 27001, OSSTMM, and NIST Standards.

4. Blended with both manual and automated penetration testing approach

There are many numbers of automated pen testing tools out there in the marketplace including highpriced sophisticated tools, but they are not adequate. Most advanced tools are of little value if no one knows how to use them.

Manual penetration testing is the perfect complement to automated penetration Testing. Certain penetration test such as logic testing cannot be performed using automated tools. It requires human intervention to test against such vulnerabilities.

According to the MITRE Corporation, automated pen testing tools cover only 45% of the known
vulnerability types. Hence, the remaining 55% requires manual intervention.

For more details download pdf.