1

Hackers are here. Where are you?

What is the ECSA/LPT Program?

Hackers are here. Where are you?

3
The ECSA/LPT program is a comprehensive, standards-based, methodological approach to training and validating IT security professionals Penetration Testing and IS Security Auditing capabilities. The ECSA/LPT Program consists of two components: ECSA Training and the LPT Practical Exam. ECSA is a 3-day, completely hands-on training program. It uses simulated real-time scenarios to train students in standard penetration testing methodologies. LPT is a 2-day practical exam designed to evaluate students pen testing skills.

The ECSA/LPT ecosystem contains a set of pen testing standards, methodologies, real-time simulated pen testing challenges, pen testing licence accreditation, automated report writing suite, and reporting template.

Hackers are here. Where are you?

4
Why did EC-Council Combine Two Programs in to One Training?
The ECSA program provides the necessary skills and training on various penetration testing and security auditing methodologies whereas LPT evaluates the professionals capabilities of performing penetration tests in real-time scenarios. The LPT credential proves your efficiency in what you have learnt in the ECSA training.

How Many Certificates will I Get?

The ECSA/LPT program awards two certificates to successful candidates. The ECSA certificate is provided on successfully passing the online ECSA exam and LPT credentials are provided upon meeting the requirements stated in LPT application form.

Hackers are here. Where are you?

5
What is the ECSA/LPT Program Flow?

Do I have to be CEH to join ECSA/LPT?

No. It is no necessary to be a CEH to take the ECSA/LPT program.

Can I Take The ECSA Training Only and Skip The LPT License?
Yes. However, we strongly recommend that candidates go for the LPT licence, as it can be a major milestone in your career and help you achieve your goals in the world of Penetration Testers and Information Security Auditors.

Hackers are here. Where are you?

EC-Council Certified Security Analyst (ECSA)

Hackers are here. Where are you?

7
What is ECSA?
EC-Council Certified Security Analyst (ECSA) is an advanced penetration testing and security assessment training program. It focuses on training information security professionals and auditors in groundbreaking network penetration testing training methods and techniques. The ECSA certification helps students perform the intensive assessments required to effectively identify and mitigate risks to the information security of an infrastructure. This makes the ECSA certification a relevant milestone toward achieving EC-Councils Licensed Penetration Tester (LPT) credentials because in addition to rigorous training, the student will also learn the business aspect of network penetration testing. The objective of the ECSA certification is to add value to experienced information security professionals by providing computer security training that will help them analyze the outcomes of their vulnerability assessments.

Why ECSA
The ECSA program provides standard-based, methodological training designed to prepare students for real-time penetration testing and auditing assignments. The ECSA is a highly labintensive program relying on performance-based learning - helping students practice what they learn in the class.

Target Audience
Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program.

Hackers are here. Where are you?

Benefits of Becoming ECSA

The ECSA is for experienced professionals in the industry and is backed by a curriculum designed by the best in the field. Students earn greater industry acceptance as seasoned security professionals. ECSAs learn to analyze the outcomes of security tools and security testing techniques. The ECSA sets students on the path toward achieving the LPT certification.

Hackers are here. Where are you?

What is the Outline of ECSA?

Core Modules
1. Need for Security Analysis 2. TCP IP Packet Analysis 3. Penetration Testing Methodologies 4. Customers and Legal Agreements 5. Rules of Engagement 6. Penetration Testing Planning and Scheduling 7. Pre-penetration Testing Steps 8. Information Gathering 9. Vulnerability Analysis 10. External Penetration Testing 11. Internal Network Penetration Testing 12. Firewall Penetration Testing 13. IDS Penetration Testing 14. Password Cracking Penetration Testing 15. Social Engineering Penetration Testing 16. Web Application Penetration Testing 17. SQL Penetration Testing 18. Penetration Testing Reports and Post Testing Actions

Hackers are here. Where are you?

10
Self-Study Modules
19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. Router and Switches Penetration Testing Wireless Network Penetration Testing Denial-of-Service Penetration Testing Stolen Laptop, PDAs and Cell Phones Penetration Testing Source Code Penetration Testing Physical Security Penetration Testing Surveillance Camera Penetration Testing Database Penetration Testing VoIP Penetration Testing VPN Penetration Testing Cloud Penetration Testing Virtual Machine Penetration Testing War Dialing Virus and Trojan Detection Log Management Penetration Testing File Integrity Checking Mobile Devices Penetration Testing Telecommunicationand Broadband Communication Penetration Testing Email Security Penetration Testing Security Patches Penetration Testing Data Leakage Penetration Testing SAP Penetration Testing Standards and Compliance Information System Security Principles Information System Incident Handling and Response Information System Auditing and Certification

Hackers are here. Where are you?

11

ECSA Exam Information

Credit Towards Certification: ECSA Number of Questions: 50 Passing Score: 70% Test Duration: 2 hours Test Format: Multiple choice Test Delivery: Prometric Online Web site

Hackers are here. Where are you?

12
How to Become ECSA?
Pass the required ECSA exam to obtain the ECSA certificate.

Hackers are here. Where are you?

13
Where can I Attend Training?

For more information, visit the webpage http://www.eccouncil.org/Training

Job Roles for ECSA

Perform network and application penetration testing using both automated and manual techniques Design and perform audits of computer systems to ensure they are operating securely and that data is protected from both internal and external threats Assess system-wide security statuses Design and recommend security policies and procedures Ensure compliance to policies and procedures Evaluate highly complex security systems according to industry best practices to safeguard internal information systems and databases Lead investigations of security violations and breaches and recommend solutions, prepare reports on intrusions as necessary, and provide an analysis summary for management Respond to complex requests for information security information from both internal and external customers

Hackers are here. Where are you?

14

Why ECSA is Best

Presents industry accepted comprehensive pen testing standards on 44 domains Covers advanced topics such as Mobile, Cloud, and Virtual Machine pen testing Maps to NICEs Protect and Defend, Operate and Collect, and Analyze Specialty Area Category Covers all the requirements of National Information Assurance Training Standard For Information Systems Security Officers (CNSS - 4014) and National Training Standard for System Certifiers (NSTISSI - 4015)

Hackers are here. Where are you?

15

EC-Councils Licensed Penetration Testing (LPT) Certification

Hackers are here. Where are you?

16

EC-Councils Licensed Penetration Tester (LPT) certification is a natural evolution of its series of security-related professional certifications. The LPT standardizes the knowledge requirements for penetration testing professionals by incorporating the best practices followed by experienced experts in the field. The objective of the LPT is to ensure that each professional licensed by EC-Council follows a strict code of ethics, is exposed to the best practices in the domain of penetration testing, and is aware of the compliance requirements of the industry. Unlike other security certifications, the LPT is a program which trains security professionals to analyze the security posture of a network and recommend corrective measures confidently. EC-Councils LPT vouches for the holders professionalism and expertise thereby making these professionals more sought after by organizations like consulting firms around the world.

What is LPT?

Hackers are here. Where are you?

17
What is LPT Framework?

Hackers are here. Where are you?

18
How Does the LPT License help me in conducting pen tests?
The LPT licence provides assurance to your employer or prospective clients that you possess the ability to perform a methodological security assessment. It also helps you join the EC-Councils elite Tiger Team, which provides you a platform to showcase your skills and earn real-world pen testing experience.

How is LPT framework different from other pen testing frameworks and standards?
Unlike other proprietary pen testing frameworks that are used only within a particular organization, EC-Councils LPT framework is available to the public. The LPT framework was developed based on a thorough analysis of all the available frameworks and standards in the industry. The LPT is further bolstered by incorporating the strengths of other frameworks into one certification.

Hackers are here. Where are you?

19
What is Tiger Team?
Tiger Team is an elite set of professionals who hold LPT credential that engage in Penetration Testing projects worldwide. Members of Tiger Team have high chances of participating in Penetration Testing assignments worldwide. The list will be displayed on our website and will act as an endorsement of the professionals skills and ethics.

How can I join the Tiger Team?

Selected Certified Licensed Penetration Tester professionals will be invited in EC-Councils elite Tiger Team. Police clearance / verification / background check/ legal agreements will be involved before joining the team.

How can I buy the LPT Framework?

You can access and use the LPT framework after registering for the ECSA/LPT program.

What is VampireTest?
VampireTest is a tool designed to be used by penetration testers to input penetration test data results. The program accepts various inputs and delivers a final, cohesive report of the data content.

Hackers are here. Where are you?

20

EC-Council
6330 Riverside Plaza Ln NW Suite 210 Albuquerque, NM 87120 Tel: +1.505.341.3228 Fax: +1.505.341.0050 http://www.eccouncil.org E-mail: info@eccouncil.org

Hackers are here. Where are you?

Hackers are here. Where are you?