+31 (0) 299 462 825

Certified Security Analyst

ECSA banner

The ECSA program offers a seamless learning progress continuing where the CEH program left off. The new ECSAv10 includes updated curricula and an industry recognized comprehensive step-by-step penetration testing methodology. This allows a learner to elevate their ability in applying new skills learned through intensive practical labs and challenges.

Unlike most other pen testing programs that only follow a generic kill chain methodology; the ECSA presents a set of distinguishable comprehensive methodologies that are able to cover different pentesting requirements across different verticals.

It is a highly interactive, comprehensive, standards based, intensive 5-days training program that teaches information security professionals how professional real-life penetration testing are conducted.


This course is a part of the VAPT Track of EC-Council. This is a “Professional” level course, with the Certified Ethical Hacker being the “Core” and the Licensed Penetration Tester being the “Master” level certification.

In the new ECSAv10 course, students that passes the knowledge exam are given an option to pursue a fully practical exam that provides an avenue for them to test their skills, earning them the ECSA (Practical) credential. This new credential allows employers to validate easily the skills of the student.


Ethical Hackers, Penetration Testers Network server administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals.


Exam title: EC-Council Certified Security Analyst v10
Number of Questions: 150 MCQ
Duration: 4 hours
Passing score: 70%
Delivery: ECC exam


Core Modules
Module 1 : Introduction to Penetration Testing and Methodologies
Module 2 : Penetration Testing Scoping and Engagement Methodology
Module 3 : Open Source Intelligence (OSINT) Methodology
Module 4 : Social Engineering Penetration Testing Methodology
Module 5 : Network Penetration Testing Methodology – External
Module 6 : Network Penetration Testing Methodology – Internal
Module 7 : Network Penetration Testing Methodology – Perimeter Devices
Module 8 : Web Application Penetration Testing Methodology
Module 9 : Database Penetration Testing Methodology
Module 10 : Wireless Penetration Testing Methodology
Module 11 : Cloud Penetration Testing Methodology
Module 12 : Report Writing and Post Testing Actions

COURSE PLAN (continued)

Self-study Modules
Module 1 : Penetration Testing Essential Concepts
Module 2 : Password Cracking Penetration Testing
Module 3 : Denial-of-Service Penetration Testing
Module 4 : Stolen Laptop, PDAs and Cell Phones Penetration Testing
Module 5 : Source Code Penetration Testing
Module 6 : Physical Security Penetration Testing
Module 7 : Surveillance Camera Penetration Testing
Module 8 : VoIP Penetration Testing
Module 9 : VPN Penetration Testing
Module 10 : Virtual Machine Penetration Testing
Module 11 : War Dialing
Module 12 : Virus and Trojan Detection
Module 13 : Log Management Penetration Testing
Module 14 : File Integrity Checking
Module 15 : Telecommunication and Broadband Communication
Module 16 : Email Security Penetration Testing
Module 17 : Security Patches Penetration Testing
Module 18 : Data Leakage Penetration Testing
Module 19 : SAP Penetration Testing
Module 20 : Standards and Compliance
Module 21 : Information System Security Principles
Module 22 : Information System Incident Handling and Response
Module 23 : Information System Auditing and Certification


This course is also available as a self-study package in iClass. Ask your learning provider or contact us.