Thursday, December 20, 2018

EC-Council’s New Version ECSA V10


A professional-level pen testing program is in demand in every organization today.
 
To attain these professional-level skills, the core curriculum of the certification a professional earns must map to them, and it is expected to comply with government and industry-published frameworks.
 
Evidently, the curriculum of EC-Council's new release, ECSA v10, presents comprehensive methodologies that match pentesting requirements across varied industry segments.
 
Let's explore what's new in ECSA v10.



The new ECSA v10 has an updated curriculum aligned with the industry-recognized penetration testing methodology. It elevates the participant's ability to apply new skills and provides a deeper understanding of Web Application Penetration Testing, Internal Network Testing, Password Cracking, and so forth.
 
In line with the new updates to the CEH v10 program, the ECSA v10 program has been re-engineered as a progression from it. This 5-day intensive course is highly interactive and standards-based, and it helps security professionals understand real-life penetration testing.
 
Further, participants who clear the knowledge exam have the option to pursue a practical exam that tests their skills and earns them the ECSA [Practical] credential.
 
Needless to say, it forms the “Professional” level course in the VAPT Track of EC-Council.
 

Highlights of ECSA v10:
 

1. Compliant with NICE 2.0 Framework:
 

ECSA v10 maps to the NICE framework's Analyze (AN) and Collect and Operate (CO) specialty areas.
 

2. New Module:


Social Engineering Pen Testing Methodology: The 2017 Verizon Data Breach Investigation Report states that 43% of the documented breaches are due to social engineering attacks. As a compensatory and preventive effort to fill this huge gap, the ECSA v10 program comprehensively covers the pentesting domain.
 

3. An Insight into Methodologies:
 

It focuses on methodologies such as Network, Database, Wireless, Web Application, and Cloud pen testing, among others. The methodologies draw on the best of the ISO 27001, OSSTMM, and NIST standards.
 

4. A perfect blend of manual and automated testing approach:
 

Manual testing evidently complements automated testing. Human intervention is as necessary as the automated tools, for instance in logic testing.
 
The testing approach here combines both of them to derive maximum benefit.
 

5. Designed around the most common testing services:
 

The penetration testing methodologies are designed to follow the market approach, which includes:
 
·         Network Penetration Testing
·         Web Application Penetration Testing
·         Social Engineering Penetration Testing
·         Wireless Penetration Testing
·         Cloud Penetration Testing
·         Database Penetration Testing
 

6. Presents an engagement methodology:
 

A module is dedicated entirely to the pre-engagement activities and to initiating and setting the Rules of Engagement [RoE] for the penetration test.
 

7. Guidance for Report Writing:
 

As with the engagement methodology, a module is dedicated to report writing too. It describes the skills needed to draft the test report in such a way that the findings of the test are agreeable and justifiable to the client concerned.
 

8. Hands-on Labs:
 

This course gives participants direct experience of the penetration testing process, from scoping to report writing.
 

9. Standard Templates:
 

The course offers a bundle of standard templates essential for scoping, the engagement process, collecting, and report writing, which makes the participant's learning easier.
 

Moving forward, let us briefly compare the EC-Council products CEH v10 and ECSA v10.


As is well known, ECSA is a learning progression that continues the CEH program. Built on the skills and abilities covered in the new CEH v10 program, it takes the tools learned there as a practical challenge.
 
Some of the main differences are tabulated below for easy reference.

| CEH v10 | ECSA v10 |
| --- | --- |
| Core level in the VAPT Track | A Professional level in the VAPT Track |
| Learn Baseline Skills | Learn Advanced Skills |
| Learn about the tools used | Learn more tools |
| Learn to defend against | Conduct Penetration Testing Methodologies |
| Can be compared to ‘A Soldier’, i.e. it refers to dodging a bullet | Can be compared to ‘The General’, i.e. it refers to expertise in the Art of War |


Let us continue and look at the course in detail.
 

Course Outline:
 

The course outline is listed below:
 
·         Introduction to Penetration Testing and Methodologies
·         Penetration Testing Scoping and Engagement Methodology
·         Open Source Intelligence (OSINT) Methodology
·         Social Engineering Penetration Testing Methodology
·         Network Penetration Testing Methodology - External
·         Network Penetration Testing Methodology - Internal
·         Network Penetration Testing Methodology - Perimeter Devices
·         Web Application Penetration Testing Methodology
·         Database Penetration Testing Methodology
·         Wireless Penetration Testing Methodology
·         Cloud Penetration Testing Methodology
·         Report Writing and Post Testing Actions
 

Intended Audience:
 

The target audience for this course is as follows:
 
·         Ethical Hackers
·         Penetration Testers
·         Security Analysts
·         Security Engineers
·         Network Server Administrators
·         Firewall Administrators
·         Security Testers
·         System Administrators
·         Risk Assessment Professionals
 

Self-study Modules:
 

·         Penetration Testing Essential Concepts
·         Password Cracking Penetration Testing
·         Denial-of-Service Penetration Testing
·         Stolen Laptop, PDAs and Cell Phones Penetration Testing
·         Source Code Penetration Testing
·         Physical Security Penetration Testing
·         Surveillance Camera Penetration Testing
·         VoIP Penetration Testing
·         VPN Penetration Testing
·         Virtual Machine Penetration Testing
·         War Dialing
·         Virus and Trojan Detection
·         Log Management Penetration Testing
·         File Integrity Checking
·         Telecommunication and Broadband Communication Penetration Testing
·         Email Security Penetration Testing
·         Security Patches Penetration Testing
·         Data Leakage Penetration Testing
·         SAP Penetration Testing
·         Standards and Compliance
·         Information System Security Principles
·         Information System Incident Handling and Response
·         Information System Auditing and Certification

Prerequisites:

ECSA Exam

·         Attend Training through EC-Council Accredited Training Center
·         Possess a minimum of 2 years of experience in related Infosec domain

