A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious user, known as a hacker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and / or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered.
About this workshop
The EC-Council’s Certified Security Analyst / LPT program gives an in-depth perspective of Advanced Hacking and Penetration Testing methodologies that covers all modern infrastructure, operating systems and application environments.
This workshop is designed to teach Security Professionals the advanced uses of the LPT methodologies, tools and techniques required to perform comprehensive information security tests. Participants will learn how to design, secure and test networks to protect their organization from the threats hackers and crackers pose. By teaching the tools and ground breaking techniques for security and penetration testing, this workshop will help participants perform the intensive assessments required to effectively identify and mitigate risks to the security of their organization’s infrastructure. As participants learn to identify security problems, they also learn how to avoid and eliminate them, with the workshop providing complete coverage of analysis and network security-testing topics.
This 5 day highly interactive course will help participants have hands on understanding and experience in Penetration Testing and prepare for EC-Council Certified Security Analyst Exam 412-79 and the LPT certification.
Benefits
The EC-Council’s Certified Security Analyst / LPT program has emerged as one of today's most sought-after certifications in Security Analysis. It serves as a significant step towards a career in penetration testing and vulnerability assessment.
There are many reasons to achieve an ECSA/LPT certification:
- Prepare yourself to handle penetration testing assignments with more clarity
- Understand how to conduct Vulnerability Assessment
- Expand your present knowledge of identifying threats and vulnerabilities
- Bring security expertise to your current occupation
- Become more marketable in a highly competitive environment
Therefore this workshop will prepare you to handle VA / PT assignments and give you a better understanding of various security concepts and practices that will be of valuable use to you and your organization.
Who should attend
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
- IT Managers
- Information Security Managers
- Security Consultants
- Security Architects
- Security Specialists
- Network Specialists
- Network Engineers
- System Administrators
- IS Auditors
Anyone aspiring for a career in Information Security would benefit from this course. The program is restricted to participants who have completed CEH.
Course Outline
ECSA curriculum consists of instructor-led training and self-study modules. The instructor will provide the details of self-study modules to the students at the beginning of the class.
Module 1: The Need for Security Analysis
Module 2: Advanced Googling
Module 3: TCP/IP Packet Analysis
Module 4: Advanced Sniffing Techniques
Module 5: Vulnerability Analysis with Nessus
Module 6: Advanced Wireless Testing
Module 7: Designing a DMZ
Module 8: Snort Analysis
Module 9: Log Analysis
Module 10: Advanced Exploits and Tools
Module 11: Penetration Testing Methodologies
Module 12: Customers and Legal Agreements
Module 13: Rules of Engagement
Module 14: Penetration Testing Planning and Scheduling
Module 15: Pre Penetration Testing Checklist
Module 16: Information Gathering
Module 17: Vulnerability Analysis
Module 18: External Penetration Testing
Module 19: Internal Network Penetration Testing
Module 20: Routers and Switches Penetration Testing
Module 21: Firewall Penetration Testing
Module 22: IDS Penetration Testing
Module 23: Wireless Network Penetration Testing
Module 24: Denial of Service Penetration Testing
Module 25: Password Cracking Penetration Testing
Module 26: Social Engineering Penetration Testing
Module 27: Stolen Laptop, PDAs and Cell phones Penetration Testing
Module 28: Application Penetration Testing
Module 29: Physical Security Penetration Testing
Module 30: Database Penetration testing
Module 31: VoIP Penetration Testing
Module 32: VPN Penetration Testing
Module 33: War Dialing
Module 34: Virus and Trojan Detection
Module 35: Log Management Penetration Testing
Module 36: File Integrity Checking
Module 37: Blue Tooth and Hand held Device Penetration Testing
Module 38: Telecommunication and Broadband Communication Penetration Testing
Module 39: Email Security Penetration Testing
Module 40: Security Patches Penetration Testing
Module 41: Data Leakage Penetration Testing
Module 42: Penetration Testing Deliverables and Conclusion
Module 43: Penetration Testing Report and Documentation Writing
Module 44: Penetration Testing Report Analysis
Module 45: Post Testing Actions
Module 46: Ethics of a Licensed Penetration Tester
Module 47: Standards and Compliance