EC-Council Certified Security Analyst

DURATION: 5 days (~40 hours)


  • The ECSA program offers a seamless learning progress continuing where the CEH program left off.
  • ECSA   is a globally respected penetration testing program that covers the testing of modern infrastructures, operating systems, and application environments while teaching the students how to document and prepare professional penetration testing report.  This program takes the tools and techniques covered in CEH to next level by utilizing EC-Council’s published penetration testing methodology.
  • The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-by-step penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.
  • Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals
  • It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted. Building on the knowledge, skills and abilities covered in the new CEH v10 program, we have simultaneously re-engineered the ECSA program as a progression from the former.
  • Organizations today demand a professional level pentesting program and not just pentesting programs that provide training on how to hack through applications and networks.
  • This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.

What’s New in ECSA v10?

  • Maps to NICE 2.0 Framework
  • ALL NEW Module for Social Engineering Pen Testing
  • Increased Focus on Methodologies
  • Blended with both manual and automated penetration testing approach
  • Designed based on the most common penetration testing services provided by the penetration testing service providers and consulting firms in the market including:
  • Network Penetration Testing
  • Web Application Penetration Testing
  • Social Engineering Penetration Testing
  • Wireless Penetration Testing
  • Cloud Penetration Testing
  • Database Penetration Testing
  • Presents a comprehensive scoping and engagement methodology
  • Provides strong reporting writing guidance to draft valuable and comprehensive penetration report
  • Hands-on labs demonstrating practical and real-time experience on each of area of penetration testing
  • Provides standard templates that are required during penetration test


After finish the course, student will have knowledges and skills to:

  • Analyze with the Penetration Testing Scoping and Engagement Methodology
  • Analyze with the Open Source Intelligence (OSINT) Methodology
  • Analyze with the Social Engineering Penetration Testing Methodology
  • Analyze with the Network Penetration Testing Methodology
  • Analyze with the Web Application Penetration Testing
  • Analyze with the Database Penetration Testing Methodology
  • Analyze with the Cloud Penetration Testing Methodology
  • Perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch and post exploitation maneuvers.
  • Customize payloads
  • Make critical decisions at different phases of a pen-testing engagement
  • Perform advanced network scans beyond perimeter defenses
  • Perform automated and manual vulnerability analysis
  • Customization, launch, and post exploitation maneuvers
  • Perform a full fledged Penetration Testing engagement
  • Create a professional pen-testing report
  • Demonstrate the application of penetration testing methodology presented in the ECSA program


Ethical Hackers, Penetration Testers, Security Analysts, Security Engineers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators, and Risk Assessment Professionals.


Prior completion of CEH training would be an advantage


  • Certified Ethical Hacker (CEH)
  • Licensed Penetration Tester (LPT)


After finish the course, student will receive completion certificate issued by SmartPro.


  • Module 1: Introduction to Penetration Testing and Methodologies
  • Module 2: Penetration Testing Scoping and Engagement Methodology
  • Module 3: Open Source Intelligence (OSINT) Methodology
  • Module 4: Social Engineering Penetration Testing Methodology
  • Module 5: Network Penetration Testing Methodology - External
  • Module 6: Network Penetration Testing Methodology - Internal
  • Module 7: Network Penetration Testing Methodology - Perimeter Devices
  • Module 8: Web Application Penetration Testing Methodology
  • Module 9: Database Penetration Testing Methodology
  • Module 10: Wireless Penetration Testing Methodology
  • Module 11: Cloud Penetration Testing Methodology
  • Module 12: Report Writing and Post Testing Actions