About the EC-Council Certified Security Analyst (Practical)

The preparatory course for this certification is the EC-Council Certified Security Analyst (ECSA) course. While there is no additional course or training required after the ECSA, we strongly recommend that you attempt the ECSA (Practical) exam only if you have attended the current ECSA course/equivalent. The aim of this credential is to help set gifted penetration testing practitioners apart from the crowd.

ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are confi­gured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.

The ECSA (Practical) tests your ability to perform threat and exploit research, understand exploits in the wild, write your own exploits, customize payloads, and make critical decisions at different phases of a pen testing engagement that can make or break the whole assessment. You will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.

Objective