Trang chủ > Chương trình đào tạo EC - COUNCIL > EC-Council Certified Security Analyst – ECSA v9

EC-Council Certified Security Analyst – ECSA v9




The ECSA course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

The ECSA program takes the tools and techniques you learned in the Certi­ed Ethical Hacker course

(CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology

It is a highly interactive, comprehensive, standards-based and methodology intensive training program 5-day security class which teaches information security professionals to conduct real life penetration tests.

This course is the part of the Information Security Track of EC-Council. This is a “Professional” level course, with the Certi­ed Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certi­cation.

DURATIONS: 40 Hours (5 days)


Ethical Hackers, Penetration Testers Network server administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals.


Upon completion of this course, students will receive the Certificate of Completion from SmartPro.


  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: MCQ
  • Test Delivery: EC-Council exam portal or Pearson VUE




Module 01: Security Analysis and Penetration Testing Methodologies

  • OPM Government Data Breach Impacted 21.5 Million
  • Hackers Steal up to $1 Billion from Banks
  • Information Security Breach Survey
  • Data Breach Statistics
  • Module Objectives
  • Security Concerns
  • Security Policies
  • Information Security Standards
  • Information Security Acts
  • Information Security Acts and Laws
  • Penetration Testing Methodology
  • Module Summary 

​ Module 02: TCP/IP Packet Analysis

  • Module Objectives
  • Module Flow
  • Overview of TCP/IP Protocol Stack
  • Analysis of Application Layer Protocols
  • Analysis of Transport Layer Protocols
  • Analysis of Internet Layer Protocols
  • Analysis of a TCP/IP Connection
  • TCP/IP in Mobile Networks
  • Module Summary

Module 03: Pre-penetration Testing Steps

  • Module Objectives
  • Pre-penetration Testing Steps
  • Module Summary 

Module 04: Information Gathering Methodology

  • Module Objectives
  • What is Information Gathering?
  • Information Gathering Terminologies
  • Information Gathering Steps
  • Footprinting Tools
  • Module Summary 

Module 05: Vulnerability Analysis

  • Module Objectives
  • What Is Vulnerability Assessment?
  • Module Summary 

Module 06: External Network Penetration Testing Methodology

  • Module Objectives
  • External Intrusion Test and Analysis
  • Why Is It Done?
  • Client Benefits
  • External Penetration Testing
  • Steps for Conducting External Penetration Testing
  • Recommendations to Protect Your System from External Threats
  • Module Summary

Module 07: Internal Network Penetration Testing Methodology

  • Module Objectives
  • Internal Network Penetration Testing
  • Why Internal Network Penetration Testing?
  • Internal Network
  • Steps for Internal Network Penetration Testing
  • Automated Internal Network Penetration Testing Tools
  • Recommendations for Internal Network Penetration Testing
  • Module Summary

Module 08: Firewall Penetration Testing Methodology

  • Module Objectives
  • What is a Firewall?
  • What Does a Firewall Do?
  • What Can’t a Firewall Do?
  • Types of Firewalls
  • Packet Filtering
  • Firewall Policy
  • Firewall Implementation
  • Build a Firewall Ruleset
  • Maintenance and Management of Firewall
  • Steps for Conducting Firewall Penetration Testing
  • Best Practices for Firewall Configuration
  • Module Summary

Module 09: IDS Penetration Testing

  • Penetration Testing Methodology
  • Module Objectives
  • Introduction to Intrusion Detection System (IDS)
  • Types of Intrusion Detection Systems
  • Why IDS Penetration Testing?
  • Common Techniques Used to Evade IDS Systems
  • IDS Penetration Testing Steps
  • IDS Evasion Tool: Traffic IQ Professional
  • IDS Evasion Tools
  • Intrusion Detection System: Snort
  • Intrusion Detection ToolsIDS Countermeasures
  • Module Summary

Module 10: Web Application Penetration Testing Methodology

  • Module Objectives
  • Why Web Application are So Critical
  • Web Application Penetration Testing/Security Testing
  • Web App Pen Testing Methodology
  • Connection String Injection
  • Module Summary 

Module 11: SQL Penetration Testing Methodology

  • Module Objectives
  • An Overview to SQL Injection
  • Module Summary 

Module 12: Database Penetration Module 11: SQL Penetration Testing Methodology

  • Module Objectives
  • An Overview to SQL Injection
  • Module Summary

Testing Methodology

  • Module Objectives
  • Database Penetration Testing Steps
  • Oracle Database penetration testing
  • Oracle Auditing – Wrong Statements Logged
  • MS SQL Server Penetration Testing
  • MySQL Server Penetration Testing
  • Database Password Cracking Tool
  • Database Vulnerability Assessment Tool
  • Database Penetration Testing Tool
  • Recommendations for Securing Databases
  • Module Summary

Module 13: Wireless Network Penetration Testing Methodology

  • Module Objectives
  • Wireless Penetration Testing
  • Wireless Security Threats
  • Wireless Penetration-Testing Tools
  • Wireless Penetration Testing Steps
  • RFID Penetration Testing
  • NFC Penetration Testing
  • IoT Penetration Testing
  • Module Summary

Module 14: Mobile Devices Penetration Testing Methodology

  • Module Objectives
  • Why Mobile Device Penetration Testing
  • Mobile Devices Market Share
  • Mobile penetration Testing requires rooting/jailbreaking of mobile devices
  • Mobile Penetration Testing Methodology
  • Android Application Penetration Testing
  • iPhone Application Penetration Testing
  • Mobile Phone Security Best Practices
  • Module Summary 

Module 15: Cloud Penetration Testing Methodology

  • Module Objectives
  • Cloud Computing Security and Concerns
  • Security Risks Involved in Cloud Computing
  • Security Controls and the Cloud Computing Compliance Model
  • Role of Penetration Testing in Cloud Computing
  • Key Considerations for Pen Testing in the Cloud
  • Scope of Cloud Pen Testing
  • Cloud Penetration Testing Steps 
  • Recommendations for Cloud Testing
  • Module Summary 

Module 16: Report Writing and Post Test Actions

  • Module Objectives
  • Module Flow
  • Penetration Testing Deliverables
  • Writing Pen Testing Report
  • Pen Testing Report Format
  • Result Analysis
  • Post Testing Actions
  • Report Retention
  • Module Summary 


Địa chỉ: Lầu 6, toà nhà Thiên Sơn, 5-7-9 Nguyễn Gia Thiều, P.6, Quận 3, TP.HCM

Tel: (028) 39 333 376 - Fax: (028) 39 30 6767


Chi nhánh: Nhà 40, ngõ 210 Đội cấn, Phường Đội cấn, Quận Ba đình, Hà nội

Tel: (024) 37620196


web counters