ECSAv10 Exam Information and Guideline
EC-Council Certified Security Analyst
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
ECSA v10 Exam info: Credit Towards Certification: ECSA v10
Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
You are an ethical hacker. In fact, you are a Certified Ethical Hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep. You have sufficient knowledge and an arsenal of hacking tools and you are also proficient in writing custom hacking code.
The ECSA program offers a seamless learning progress, continuing where the CEH program left off.
Unlike most other pen-testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.
1 Penetration Testing Essential Concepts
• Computer Network Fundamentals
• Network Security Controls and Devices
• Windows and Linux Security
• Web Application and Web Server Architecture and Operations
• Web Application Security Mechanisms
• Information Security Attacks
• Information Security Standards
2 Introduction to Penetration
Testing Methodologies
• Penetration Testing Process and Methodologies & Benefits
• Types, Areas and Selection of Pentesting
3 Penetration Testing Scoping and Engagement Methodology
• Penetration Testing Scoping and Rules and Engagement
• Penetration Testing Engagement Contract and Preparation
4 Open-Source Intelligence (OSINT)
Methodology
• OSINT Through World Wide Web (WWW), Website Analysis, DNS Interrogation
• Automating your OSINT Effort Using Tools/Frameworks/Scripts
5 Social Engineering Penetration
Testing Methodology
• Social Engineering Penetration Testing Techniques & Steps
• Social Engineering Penetration testing using E
6 Network Penetration Testing
Methodology – External
• External Network Information & Reconnaissance
• Scanning, and Exploitation
7 Network Penetration Testing
Methodology – Internal
• Internal Network Information Reconnaissance and Scanning
• Internal Network Enumeration and Vulnerability Scanning
• Local and Remote System Exploitation
8 Network Penetration Testing
Methodology - Perimeter Devices
• Firewall Security Assessment Techniques
• iDs Security Assessment Techniques
• Router and Switch Security Assessment
Techniques
9 Web Application Penetration
Testing Methodology
• Web Application Content Discovery and Vulnerability Scanning
• SQL Injection Vulnerability Penetration Testing
• XSS, Parameter Tampering, Weak
Cryptography, Security Misconfiguration and Client side scripting, vulnerabilities penetration techniques
• Authentication, Authorization, session, Web Server Vulnerabilities Penetration Testing
10 Database Penetration Testing
Methodology
• Database Penetration Testing Techniques & Information Reconnaissance
• Database Enumeration & Exploitation
11 Wireless Penetration Testing
Methodology
• WLAN Penetration Testing Techniques
• RFID and NFC Penetration Testing Techniques
• Mobile Device Penetration Testing Techniques
• loT Penetration Testing Techniques
12 Cloud Penetration Testing
Methodology
• Cloud Specific Penetration Testing Techniques and Recommendations
• Cloud Specific Penetration Testing Methods
13 Report Writing and Post Testing
Actions
• Penetration Testing Report Writing Process
• Penetration Testing Reporting Formats