A Division of Training Planet
From Self-Study Videos/CDs to Boot Camp Classes ...at Training Planet it's all about choice.
We research the best providers out there and let you pick from our directory of classes!

Private On-Site Corporate Camps Now Available. Click for Details

New Package Discount Programs to Recession-Proof your Career!
Select Courses Approved for DoD Directive 8570.1
 

Certified Security Analyst ECSA Certification Training
Licensed Penetration Tester LPT Certification Training

Certified Security Analyst (ECSA) / Licensed Penetration Tester (LPT) combined DUAL CERTIFICATION 6-day Boot Camp certifies individuals in the specific network security discipline of Security Analysis and Penetration Testing.

 
The objective of EC-Council Certified Security Analyst is to add value to experienced security professionals by helping them analyze the outcomes of their tests. ECSA leads the learner into the advanced stages of ethical hacking. Through groundbreaking penetration testing methods and techniques, ECSA class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the  infrastructure.  This makes ECSA a relevant milestone towards achieving EC-Council's Licensed Penetration Tester, which also ingrains the learner in the business aspect of penetration testing. The Licensed Penetration Tester standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.
 

Certified Security Analyst (ECSA)

ECSA is a security class like no other! Providing real world hands-on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council's Certified Security Analyst ECSA training course is a highly interactive security class designed to teach Security Professionals the advanced uses of the available methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and groundbreaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of hacking and network security-testing topics.

ECSA complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking penetration testing methods and techniques, the ECSA class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure. The objective of ECSA is to add value to experienced security professionals by helping them analyze the outcomes of their tests. ECSA leads the learner into the advanced stages of ethical hacking. This makes ECSA a relevant milestone towards achieving EC-Council's Licensed Penetration Tester, which also ingrains the learner in the business aspect of penetration testing. The Licensed Penetration Tester standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.

Benefits

ECSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field.
Greater industry acceptance as a seasoned security professional.
Learn to analyze the outcomes from using security tools and security testing techniques.

 

EC-Council's Licensed Penetration Tester

"The Most Prestigious Certification for Penetration Testing Professionals."

EC-Council's Licensed Penetration Tester (LPT) is a natural evolution and extended value addition to its series of security related professional certifications. LPT standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.

The objective of a LPT is to ensure that each professional licensed by EC-Council follows a strict code of ethics, is exposed to the best practices in the domain of penetration testing and is aware of all compliance requirements required by the industry.
Unlike a normal security certification, the Licensed Penetration Tester is a program that trains security professionals to analyze the security posture of a network exhaustively and to recommend corrective measures authoritatively. EC-Council's license vouches for their professionalism and expertise thereby making these professionals more sought-after by organizations and consulting firms globally.

LPT is a professional certification that is used to measure penetration testing skills. A candidate can initiate training to become a Licensed Penetration Tester by attending EC-Council's CEH training program. All of the LPT courses come with high-quality supporting materials, aids and resources.

LPT Certification was designed to recognize mastery of an international standard for penetration testing and understanding of a Common Body of Knowledge. Certification can enhance a professional's career and provide added IS credibility and is ideal for anyone who is involved with penetration testing in the organization - System administrators, IT managers, IT Auditors, database professionals, etc.

 

Benefits

EC-Council's endorsement as a licensed penetration testing professional allows them to practice as a penetration testing consultant internationally.
Industry acceptance as a legal and ethical security professional
Access to proprietary EC-Council software, templates and penetration testing methodologies.
License to practice and conduct security testing in organizations accredited by EC-Council.
Acquire knowledge from experienced, hands-on penetration testingmethodologies and latest penetration testing practices.

Prerequisites

Students should have experience with Windows and/or UNIX/LINUX operating systems, along with knowledge of TCP/IP and networking. CEH certification is strongly recommended. This course is also a prerequisite to EC-Council's Licensed Penetration Tester Program.

Who Should Attend

System and Network Administrators
Security and Firewall Administrators
Security Engineers and Architects
MIS Directors
Professional Security Testers
Chief Security Officers
Professional Security
Chief Intelligence Officers
IT Auditors
Security Analyst
Risk Assessment Professionals
Vulnerability Auditors
View Schedule Get Quote Now


EC Council

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The purpose of the EC-Council is to support and enhance the role of individuals and organizations who design, create, manage or market e-Business solutions. EC Council supports their members by providing Electronic Commerce Consultant certification as well as educational, technical, placement, member advantage, and discounted services. They enhance their membership by providing a community where discussion and information exchange can operate freely in the context of mutual trust and benefit.

 
Students will be prepared for EC-Council's ECSA exam 412-79 on the last day of the class. This certification is also the pre-requisite to EC-Council's Licensed Penetration Tester Program.
Number of Questions: 50 Passing Score: 70% Test Duration: 2 Hours Test Format: Multiple Choice

EC Council's Security Analyst Exam Objectives

Candidate will need to have competency in the following objectives to be certified as an ECSA:

Understand the five stages of a common penetration test attack methodology
Understand how to structure and organize security tests
Analyze the tactical application of each phase
Define the five main professional categories:
Compare and contrast the different job roles in the security testing and analysisindustry
Understand the three most common present vulnerability types
Identify the potential impact of Information Vulnerabilities
Identify the risks of Network Vulnerabilities
Understanding the different types of System Vulnerabilities and their impact
Understand the scoping process of designated target systems
Know the rules of engagement as they pertain to client target networks/systems
Knowing what results are expected at the end of the test
Demonstrate understanding of the field of Competitive Intelligence
Develop skills involved in competitive intelligence gathering
Demonstrate understanding of Informational Vulnerabilities in depth
Engage in Passive network discovery techniques
Use advanced web resource skills to research identified targets in depth
Formulate a picture of network boundaries, using IP and DNS information
Analyze documents for potential Information Vulnerabilities
Demonstrate understanding of Network Vulnerabilities in depth
Build a secure network design, and analyze it for vulnerabilities using threat modeling
Explore the role of modems and Virtual Private Networks in Perimeter breaches
Understand common vulnerabilities with 802.11 Wireless
Analyze and map live network hosts using multiple correlated modalities
Employ common and advanced tools to identify live hosts leveraging output from previous discovery processes
Analyze e-mail headers to enumerate target network resources for location, type and other data points
Install various Packet Sniffers
Demonstrate skills in deploying Packet Sniffers for the purpose of packet analysi
Demonstrate use of Packet Sniffers to intercept user-names and passwords
Demonstrate use of Packet Sniffers in intrusion signature analysis
Understand the output and results from common Packet Sniffers
Employ advanced techniques, such as ARP-spoofing and Port Stealing, to sniff switched environments
Demonstrate knowledge of vulnerabilities in Firewalls
Use software such as Firewalk to map out a Firewalls ruleset
Demonstrate knowledge of vulnerabilities in routers
Understanding many Informational Vulnerabilities, as well as network vulnerabilities present in many routers
Analyzing Cisco packet captures for information disclosure and cracking Cisco passwords.
Demonstrate knowledge of vulnerabilities in various network devices
Explore the role of Network Appliances such as printers and PBX's in potential security violations
Using Man-in-the-Middle Attacks to intercept secured and encrypted traffic
Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
Employ advanced tools to fingerprint specific operating systems
Implement advanced port scanning techniques to further refine targeting information
Employ tools like Netcat to verify service information and eliminate false positives
Learn operating system specific tools and techniques
Use commonly available Microsoft Resource Kits for advanced Windows enumeration
Use Null Sessions for advanced Windows enumeration
Use various common tools in Linux for Linux and Unix enumeration
Employ Automated Vulnerability Scanners
Understand the strengths and weaknesses of Automated Scanners
Using Nessus to refine target information
Analyzing the results given by Nessus and other Automated Scanners
Understand the specifics of common classes of System Vulnerabilities
Understand Stack-based overflows
Understand Format String vulnerabilities
Understand Heap-based overflows
Develop and execute proof of concept Stack-based overflows
Develop and execute proof of concept Understand Format String vulnerabilities
Develop and execute proof of concept Understand Heap-based overflows
Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
Demonstrate ability to employ Shellcode within exploits
Verify payload differences across multiple operating systems
Demonstrate ability to use Exploits against targets in a non-destructive manner
Use a debugger to find the Return Address
Develop proof-of-concept code to generate a working exploit
Execute actual exploit code to compromise target servers
Demonstrate understanding how passwords work in common operating systems
Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM, Kerberos)
Demonstrate knowledge of Linux/Unix authentication mechanisms
Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP, PAM, etc)
Demonstrate knowledge of how distributed password cracking works
Demonstrate knowledge of how advanced password cracking attacks, such as Rainbow Tables, work
Demonstrate ability to test strength of authentication mechanisms using password cracking
Use common tools to crack Windows passwords
Use several free tools to crack Linux and common Unix passwords
Use advanced approaches to password cracking by combining techniques and resources to compromise target credentials
Understand the safe utilization of malicious software in a penetration test
Understand how Rootkits work
Understand how Trojans work
Understand where Rootkits and Trojans fit into the security test
Understand the impact of web applications on Perimeter Security
Test and analyze higher-layer applications for Network Vulnerabilities
Demonstrate knowledge of common types of web application System Vulnerabilities
Employ attack proxies to audit web applications
Employ application scanners to audit web applications
Discover and analyze Web Application System Vulnerabilities
Use SQL Injection attacks against target servers to retrieve database information
Test for Cross-Site Scripting vulnerabilities
Use automated scanners, such as Nikto, for web application testing
Categorize and identify range and function of present Viruses
Identify threat levels and countermeasures of various viruses
Define impact and points of consideration of Viruses on security testing and analysis
Understand how common viruses work
Learn how to safely test containment measures
Evaluate target networks for proper containment measures
Understand the role of the Security Tester regarding Intrusion Detection Systems
Learning methods for testing IDSs, and IDS limitations
Analyzing output from an IDS running on the target network
Learning methods for bypassing IDSs
Understand threat posed by inside and outside human threat agents
Define coherent policy and policy enforcement
Analyze implicit vulnerabilities resulting from improper policy design and enforcement
Understand Operational Security doctrine and Information Vulnerabilities as they pertain to personnel
Employ methods for testing personnel security compliance
Synthesize data from analysis for reporting on vulnerabilities discovered in the target network over the course of the class
Develop an Executive Summary
Develop a detailed report from security testing process
Demonstrate effective communication of security test results


ECSA Outline | LPT Certification Outline

 

EC-Council's Certified Security Analyst Detailed Course Outline

Module 1 - Penetration Testing Methodologies

Understand how to structure and organize security tests
Understand the five stages of a common penetration test attack methodology
Analyze the tactical application of each phase
Get an overview of The Security Map and sections of the OSSTMM
Learn about an OSSTMM certified security test
Understand what is a complete and valid OSSTMM security test
See how the OSSTMM addresses privacy law compliance
Learn how the OSSTMM addresses "Best Practices" compliance
The NIST Methodology
See an overview of the NIST Four-Stage Penetration Testing methodology
See escalation of privileges according to he NIST methodology
Learn about the course methodology
Learn about the methodology followed in this course
Learn about malicious hackers methodologies
Review a common malicious hacker attack methodology
Examine methodological variants

Module 2 - Test Planning and Scheduling

Estimation of Resources for the Test
Estimating time and cost of a test
Defining the test scope
Determination of Test Objectives
Technical Preparation
Attack network
Attack workstation
Gathering tools and exploits
How to manage confidential data
Rules of Engagement
Non-disclosure agreement
Liability limitations
Emergency phone number
Know the rules of engagement as they pertain to client target networks/systems
Defined Roles of the Involved Personnel
Review rules of engagement
What should be included in rules of engagement
Reporting
Deliverables
Knowing what results are expected at the end of the test
Presentation of results
Module 3 - Information Gathering

Demonstrate understanding of the field of Competitive Intelligence
Develop skills involved in competitive intelligence gathering
Demonstrate understanding of Informational Vulnerabilities in depth
Engage in Passive network discovery techniques
Use advanced web resource skills to research identified targets in depth
Formulate a picture of network boundaries, using IP and DNS information
Analyze documents for potential Information Vulnerabilities
Information vulnerability and source of information
Business intelligence
Sales data
R&D data
Job advertising
Web site
Mailing list
Other sources of great interest
Information gathering types
Passive
Active
How and where to passively gather information
Information gathering applications
Dig
Host
Nslookup
Sam Spade
Registrars
DNSTracer
kartOO
Advanced web tricks
And other tools and websites
Controls to protect information
Module 4 - Advanced Vulnerability Analysis Penetration Testing and Security Analysis

Understand the three most common present vulnerability types
Identify the potential impact of Information Vulnerabilities
Identify the risks of Network Vulnerabilitie
Understanding the different types of System Vulnerabilities and their impact
TCP overview
TCP protocol suite
ICMP, UDP, ICMP, TC
Handshake
Tear Down
Port and Services
Flags
Traceroute and TCPTraceroute
LFT
Tools to probe protocols
Paketto Kieretsu
ScanRand
Minewt
Linkcat
Paratrace
Identifying targets through sweeping
Type of sweeps
Evaluating services through scanning
Type of scans
Stealth Scanning
Bounce Attacks
Reverse Ident Scanning
Nmap
How to use Nmap
Nessus
How to use Nessus
How to avoid problems using Nessus
Limitations of Nessus
Other scanners and tools overview
Retina
Saint
Hping2
Firewalk
Nikto
Languard
ISS
IpEye
Netscan Tools
SuperScan
Friendly Pinger
Cheops
SATAN
Advanced OS fingerprinting techniques
Proxy Servers
Sniffing
Tcpdump
Windump
Snort
Ethereal
Ettercap
Dsniff
Windows Tools
Dumpsec
Winfo
NAT
Netbios Enumeration Techniques
Userinfo
Getacct
Dumpreg
WinFingerprint
AD Enumeration
SNMP
Weaknesses
Snmpwalk
Snmpget
Snmpgetnext
SolarWinds
SNScan
Phone Phreakers
PBX testing
Modem Testing
WarDialing
Fax Security
PhonSweep
Toneloc
THCScan
Countermeasures
Module 5 - Advanced Denial of Service (DoS) Penetration Testing and Security Analysis

Describe the components of a DoS attack
Attack Vectors
The Battlefield
DoS, DDoS, DRDoS
Identify the harm caused to the target system
Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack
Outline the necessary steps to test a system's strength against a DoS attack
Gathering and documenting the results
Module 6 - Advanced Password Cracking Penetration Testing and Security Analysis

Demonstrate understanding how passwords work in common operating systems
Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM, Active Directory)
Demonstrate knowledge of Linux/Unix authentication mechanisms
Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP, PAM, etc)
Demonstrate knowledge of how distributed password cracking works
Demonstrate knowledge of advanced password cracking attacks, such as Rainbow Tables
Demonstrate ability to test strength of authentication mechanisms using password cracking
Use common tools to crack Windows Passwords
Use several free tools to crack Linux and common Unix passwords
Use advanced approaches to password cracking by combining techniques and resources to compromise the target credentials
Module 7 - Advanced Social Engineering Penetration Testing and Security Analysis

Describe what Social Engineering is
Principles of social engineering
Social Engineering Tips
Type of social engineering attacks
Define the techniques used to execute Social Engineering
Social Engineering Goals
Social Engineering Rules of engagement
Recognize the threat of Social Engineering
Outline the methods by which Social Engineering is performed
Trusted positions enumeration
Trusted person testing
Request Testing
Guided Suggestions
Phishing
Security Policies
Gather and document the test results
Module 8 - Advanced Internal Penetration Testing and Security Analysis

Review the most common platforms
Appraise a typical network environment
Outline the steps of the assessment
Describe the tools used for internal testing
Viruses and Containment Testing
Categorize and Identify range and function of present Viruses
Identify threat levels and countermeasures of various viruses
Define impact and points of consideration of Viruses on security testing and analysis
Understand how common viruses work
Learn how to safely test containment measures
Evaluate target networks for proper containment measures
Explain how vulnerabilities are discovered
Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
Employ advanced tools to fingerprint specific operating systems
Implement advanced port scanning techniques to further refine targeting information
Employ tools like Netcat to verify service information, and eliminate false positives
Learn operating system specific tools and techniques
Use commonly available Microsoft Resource Kits for advanced Windows enumeration
Use Null-Sessions for advanced Windows enumeration
Use various common tools in Linux for Linux and Unix enumeration
Employ Automated Vulnerability Scanners
Understand the strengths and weaknesses of Automated Scanners
Using Nessus to refine target information
Overview of common vulnerability scanners
Cerberus Internet Scanner
Somarsoft Hyena
Languard
Nessus
Saint
SATAN
Employing Exploitation for verification of Vulnerabilities: Owning the Box
Understand the specifics of common classes of System Vulnerabilities
Understand Stack based overflows
Understand Format String vulnerabilities
Understand Heap based overflows
Develop and execute proof of concept Stack based overflows
Develop and execute proof of concept Understand Format String vulnerabilities
Develop and execute proof of concept Understand Heap based overflows
Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
Demonstrate ability to employ Shellcode within exploits
Gather and document the test results
Module 9 - Advanced External Penetration Testing and Security Analysis

Describe the goals of external testing
Network Categories
Understand the challenges facing a tester in an external penetration test
Evaluate the potential attacks from outside of a security perimeter
Web Security Challenges
Current situation
Attack Trends
What creates those vulnerabilities
Understand the impact of web applications on Perimeter Security
Test and Analyze higher-layer applications for Network Vulnerabilities
Demonstrate Knowledge of common types of web application System Vulnerabilities
Employ attack proxies to audit web applications
Employ application scanners to audit web applications
Anatomy of a remote exploit
Common Attacks
Network packet sniffers
IP spoofing
Password attacks
Distribution of sensitive internal information to external sources
Man-in-the-middle attacks
Phishing
Examine the methodology of external penetration testing
Demonstrate the tools used for external penetration testing
Website Crawler
Idle Scanning
Form Scalpel
Java Decompiler
Brutus AET2
Achilles
Web Proxies
Gather and document the results
Module 10 - Advanced Router Penetration Testing and Security Analysis

Overview of routing technologies
Router Security
Routing Protocols
Demonstrate knowledge of vulnerabilities in Routers
Understanding many Informational Vulnerabilities, as well as network vulnerabilities present in many routers
Analyzing Cisco packet captures for information disclosure and cracking Cisco passwords
Demonstrate knowledge of vulnerabilities in various network devices
Explore the role of Network Appliances such as printers and PBX's in potential security violations
Using Man in the Middle Attacks to intercept secured and encrypted traffic
The potential for router exploitation
Router Attacks
DDoS Attacks
Routing Table Attacks
Arp Poisoning
SNMP Attacks
Brute Force Attacks
BGP attacks
Analysis of router vulnerabilities and attacks
CVE
US-CERT
Packet Storm
Neohapsis
Bugtraq
SecurityFocus
Tools used for testing
Gathering and documenting the results
Module 11 - Advanced Firewall Penetration Testing and Security Analysis

Introduction to firewalls
What is a Firewall
Commonly use Firewall
Personal Firewall
Type of Firewall
Technical overview of firewall systems
Different implementations
NAT
PAT
Limitations
Vulnerability analysis of firewalls
Things a firewall cannot see
Penetration testing steps
Tools used for testing firewalls
Firewalk
Ftester
Gathering and documenting the results
Module 12 - Advanced Intrusion Detection Systems (IDS) Penetration Testing and Security Analysis

What is Intrusion Detection?
The need for IDS
Sensor Placement
IDS overview
IDS detection methods
Detection Engines
IDS analysis challenges
Analysis Engines
Host Based Challenges
Network Based challenges
Penetration testing techniques
IDS Evasion Techniques
IDS Insertion Attack
IDS Fragmentation Attack
Tools used for IDS testing and countermeasures
PSAD
Samhain
Tripwire
Stick
Snot
AdMutate
Nikto
Apsend
Apsr
Gathering and documenting test results
Module 13 – Advanced Wireless Penetration Testing and Security Analysis

Present an overview of Wireless Security
Types of wireless Network
Technology used in WLAN
Access Point
Chipsets
Learn about Wireless Technologies
Understand the problems with WLAN security
Issues with WLAN Security
WEP security issues
Cisco LEAP
EAP
802.1X
WPA
TKIP
RADIUS
Examine the tools used for Wireless Networks Testing
Airsnort
WepCrack
Monkey-Jack
Kismet
Examine Countermeasures
Module 15 - Advanced Application Penetration Testing and Security Analysis

Identify types of common applications
Common Applications used
Outline the technology of the applications
Mobile code
OLE
DCOM
ActiveX
JAVA
CGI
Detect the vulnerabilities in the applications
Buffer Overflow
Stack Overflow
Format Strings
Vulnerable functions
Examine the techniques of penetration testing
Reverse Engineering
Spoofing Authentication
Intercepting Data
Modifying input
CSS/XSS
Describe the tools employed in testing the applications
Modifying source of pages
Intercepting and modifying requests
GDB
Metasploit
CANVAS
CORE Impact
NIKTO
SQLDict
SQLbf
SQLexec
SQLSmack
Discover and analyze Web Application System Vulnerabilities
Use SQL-Injection attacks against target servers to retrieve database information
Test for Cross-Site Scripting vulnerabilities
Use automated scanners, such as Nikto, for web application testing
Document the results of the testing
Module 16 - Advanced Physical Security Penetration Testing and Security Analysis

Identify the goal of physical security
The four security processes
Component of physical security
Threats to physical security
Recognize the potential vulnerabilities of an organization with poor physical security
Piggybacking
Perimeter compromise
Stolen Equipment
Bypassing system security mechanisms
Social Engineering
Analyze the potential attacks against the physical environment
Intrusion Detection systems
Types of locks and their features
Point out recommended safeguards to these attacks
Access Control
Equipment anti-theft devices
Restricted zones
Security Policies
Guards
Awareness, Training, and Education
Document the test results
Module 17 - Reporting and Documentation

Learn the basics of report writing
Major Stages of report writing
Understand the requirements of the report
Report types
Focus of the report
Review different report writing options
Online DB
Spreadsheet
Using Template
Using a tree
Free Flow document
Outline reporting tips
Do a report workshop
Questionable areas, how to address them
Describe the reporting consultation
top

LPT Course Outline

The LPT course consists of 21 modules that cover structured penetration testing steps and processes.

Module 1: Penetration Testing Methodologies
Module 2: Customers and Legal Agreements
Module 3: Penetration Testing Planning and Scheduling
Module 4: Information Gathering
Module 5: Vulnerability Analysis
Module 6: External Penetration Testing
Module 7: Internal Network Penetration Testing
Module 8: Routers Penetration Testing
Module 9: Firewalls Penetration Testing
Module 10: Intrusion Detection System Penetration Testing
Module 11: Wireless Networks Penetration Testing
Module 12: Denial of Service Penetration Testing
Module 13: Password Cracking Penetration Testing
Module 14: Social Engineering Penetration Testing
Module 15: Stolen Laptop, PDAs and Cellphones Penetration Testing
Module 16: Application Penetration Testing
Module 17: Physical Security Penetration Testing
Module 18: Penetration Testing Report Analysis
Module 19: Penetration Testing Report and Documentation Writing
Module 20: Penetration Testing Deliverables and Conclusion
Module 21: Ethics and Conduct of a Licensed Penetration Tester
top



Frequently Asked Questions


ECSA

How does ECSA deliver value to a security professional like me?

ECSA teaches you to interpret and analyze outcomes you come across during routine and exceptional security testing. It helps you analyze the symptoms and pinpoint the causes of those symptoms which reflect the security posture of the network. top


Why should I take ECSA when I am already certified as a security professional?

Most security certifications highlight the management aspects or the technical aspects alone. ECSA helps you bridge the gap to a certain extent by helping you detect the causes of security lapses and what implications it might carry for the management. This places you a step closer to becoming a Licensed Penetration Tester, where you become a complete penetration testing professional. top


How does ECSA deliver value to the enterprise's security team?

Having an ECSA on your enterprise security team will enhance value to the team as you will have a professional aboard who is exposed to advanced security testing and proficient to make studied analysis of the situation. top


How is ECSA different from CEH?

CEH exposes the learner to various hacking tools and techniques, while ECSA exposes the learner to the analysis and interpretation of results obtained from using those tools and techniques. top


I have over three years experience in the industry. Should I opt for ECSA instead of CEH?

ECSA is not a replacement for CEH. CEH provides you with a foundation in which to fortify your skills using knowledge gained from ECSA. top
 

LPT

Why should I be licensed?

Penetration testers today have been certified by different agencies, but are they trusted? Do they follow a code of ethics? The answer is no. The Licensed Penetration Tester program offered by EC-Council gives certified penetration testers the opportunity to practice their skills so that they are able to function as a Licensed Penetration Tester. EC-Council Licensed Penetration Testers use hands-on penetration testing methodologies and are trained by experts and specialists who are Licensed Penetration Testers from EC-Council. top


I am a Penetration Tester why do I need to be a Licensed Penetration Tester?

Being a certified penetration tester would be of little help. Corporate organizations today are looking for penetration testers who can analyze vulnerabilities of the network and who can be trusted not to disclose network vulnerabilities to competitors. Thereby, many companies would be looking for a Penetration Tester who is licensed to carry out these tasks and who has hands-on experience in penetration testing. top


What is the difference between a Licensed Penetration Tester and a Certified Ethical Hacker?

A Certified Ethical Hacker is an individual who is trained in mastering hacking technologies. A Licensed Penetration Tester is a professional who is equipped with a License to conduct penetration testing of corporate networks. Licensed Penetration Testers are preferred over non-licensed ones by companies for recruitments and assignments. top


Why does EC-Council License Penetration testing?

With the Licensed Penetration Testing program from EC-Council, companies are assured that Licensed Penetration testers are being taught, tested and certified by a globally recognized and professionally managed body like E C-Council. Thus, organizations can be completely assured and confident of the deliverables of the Licensed Penetration Tester authorized by EC-Council. This could be compared to procuring a driving license from your license-issuing authority. top


How is EC-Council's Licensed Penetration Testing course different from training and other methodologies?

The Licensed Penetration Testing course provided by EC-Council is different from other training programs as the instructors teaching the course are experts and specialists in the field of Penetration testing and are qualified and licensed penetration testers themselves. EC-Council provides specialized training for licensed penetration testers to have a competitive edge in the information security market. top


I have experience in Penetration Testing can I skip the LPT workshop?

It is mandatory for certified penetration testers to attend the LPT workshop. The LPT workshop is conducted by specialized and experienced LPTs who provide insights to common vulnerabilities to networks. This workshop teaches penetration testers how to conduct a penetration test step by step. The workshop is conducted by Licensed Penetration Testers at selected locations. top


What is EC-Council's Tiger Team?

EC-Council's Tiger Team is made up of Licensed Penetration Testers from around the world and different disciplines. The Tiger Team consists of Database Penetration Testers, Firewall Penetration Testers, Cisco Penetration Testers, Oracle Penetration Testers, Report writers, etc., and is headed by a Chief Penetration Tester. top


How do I join EC-Council's Tiger Team?

Penetration Testers can join EC-Council's Tiger Team after they obtain the LPT license. Once the penetration tester has received his /her license he or she shares a common platform with other LPTs and can become a part of EC-Council's Tiger Team through EC-Council's member portal for LPT professionals. top


If I have a penetration testing assignment how do I go about completing it?

Penetration Testing assignments given by EC-Council teach candidates to start penetration testing from scratch. Candidates are taught advanced techniques in penetration testing. top


Are there any LPT exams?

There are currently no LPT exams; however, the exam is currently under development and will most likely be available in the near future. top


What if someone breaks the EC-Council code of ethics?

If any candidate breaks the EC-Council code of ethics his/her Penetration testing license would immediately be revoked after EC-Council conducts a detailed investigation into the case. top


How do I apply for the Licensed Penetration Tester course?

Candidates are able to apply for the Licensed Penetration Testing course after filling out the application form providing a training source agreement for approval that should be endorsed by the sponsoring agency. Candidates must agree to the EC-Council code of ethics. top


How long is the License for Penetration Testers valid?

The validity of the license for the penetration tester expires after 2 years. The penetration tester can apply for renewal of license providing payment of $250 to EC-Council. top


 

DATES

5/17/2010 - 5/21/2010 Washington, DC
 

6/21/2010 - 6/25/2010 Chicago, IL

8/2/2010 - 8/6/2010 Bushkill, PA

9/20/2010 - 9/24/2010 San Francisco, CA

11/1/2010 - 11/5/2010 Washington, DC

12/6/2010 - 12/10/2010 Chicago, IL

Get Started Today with the ECSA/Licensed Penetration Tester Training Course DUAL CERTIFICATION Boot Camp.
To find out more, fill out this form and to have details and schedule emailed to you and/or have a counselor contact you.

ATLANTA - BOSTON - CHICAGO - CLEVELAND - HOUSTON - DALLAS -
LONG BEACH, CA - MINNEAPOLIS
NEW YORK - PHILADELPHIA - RALEIGH - RESTON, VA -
SAN DIEGO
SAN FRANCISCO - SAN JOSE
ST. LOUIS
Arlington, VA
Austin, TX
Boston, MA
Chicago, IL
Las Vegas, NV
Los Angeles, CA
Orlando, FL
Pocono Mountains, PA
Scottsdale, AZ
Seattle, WA

cisco boot camps pdf file

cissp training dvd pdf

For Self-Study products on DVD-ROM and Online Video
Click Here to Visit Training Planet

New Package Discount Programs to Recession-Proof your Career!

We have Certification Training Boot Camp Classes for:
Help Desk:
A+ Certification | Network+ | MCDST | Microsoft Office MCAS/MOS | ITIL
Apple Certified Help Desk Specialist ACHDS Certification ACSP
Security:
Security+ | CISSP | CCSP PIX | Computer Forensics Training | Certified Ethical Hacker
Security Analyst ECSA / Penetration Testing Certification LPT
Cisco:
Cisco Training | CCNA - CCNP | CCSP | CCIE - CCVP | CWNA Wireless |
Microsoft Server:
MCSE | MCSA | Exchange
Programming:
JAVA | MCPD | MCITP DBA | MCTS Certification SQL Server | Oracle DBA OCA  
Other OS:
Linux LPIC | Sun Solaris | Citrix | VMware ESX Server Training
Project and Document Management:
CDIA |  Project Management PMP Exam | Sarbanes Oxley Training SOX Sarbox
Graphics:
Photoshop - Flash - Dreamweaver | Autocad
Other:
Onsite Custom Classes | Salary Survey | JustTechJobs.com

- NEW Cisco CallManager CCVP Voice over IP
- NEW Sarbanes Oxley Training SOX Sarbox
- UPDATED! Cisco CCIE Boot Camp Classes

CertificationCity.com, TrainingPlanet.com, StatTraining.com
are all TMs of Bad Dog's Training Planet, Inc. 

CISSP is a TM of ISC2 and Cisco CCNA/CCDA, CCNP, CCIE, CCSP are a TM of Cisco Systems
Globalnet Training is not affiliated with or endorsed by Cisco Systems, Inc.

Certification City - A Division of Training Planet
From Self-Study Videos/CDs to Boot Camp Classes ...at Training Planet it's all about choice.

We research the best providers out there for you and let you choose!
For fastest sevice to get contact with the right rep in your area (we have dedicated reps all over the country)  fill out form on this page.

Albany, New York Albuquerque, New Mexico Alexandria, Virginia Anchorage, Alaska Atlanta, Georgia Austin, Texas Baltimore, Maryland Birmingham, Alabama Bismark, North Dakota Boise, Idaho Boston, Massachusets Charlotte, North Carolina Cheyenne, Wyoming Chicago, Illinois Cincinnati, Ohio Cleveland, Ohio Columbus, Ohio Concord, New Hampshire Dallas, Texas Denver, Colorado Des Moines, Iowa Detroit, Michigan Ft. Lauderdale, Florida Ft. Wayne, Indiana Honolulu, Hawaii Houston, Texas Huntsville, Alabama Indianapolis, Indiana Jackson, Mississippi Jackson, Wyoming Jacksonville, Florida Lexington, Kentucky Lincoln, Nebraska Los Angeles, California Las Vegas, Nevada Miami, Florida Milwaukee, Wisconsin Minneapolis, Minnesota Montpelier, Vermont Nashville, Tennessee New Orleans, Louisiana New York City Norfolk, Virginia Oklahoma City, Oklahoma Omaha, Nebraska Orlando, Florida Philadelphia, Pennsylvania Phoenix, Arizona Pierre, South Dakota Pittsburgh, Pennsylvania Portland, Maine Portland, Oregon Providence, Rhode Island Raleigh-Durham, North Carolina Richmond, Virginia Rockford, Illinois Sacramento, California St. Louis, Missouri Salt Lake City, Utah San Antonio, Texas San Diego, California San Francisco, California San Jose, California Sandestin, Florida Seattle, Washington Tulsa, Oklahoma Wichita, Kansas Wilmington, Delaware.