Program
- Need for Security Analysis
- Computer Security Concerns
- Information Security Measures
- Risk Analysis
- Hardening Security
- Security Policies
- Sample Policies
- Information Security Standards
- Information Security Acts and Laws
- TCP/IP Packet Analysis
- Introduction to TCP/IP
- TCP/IP Connection
- Introduction to IPv6
- TCP/IP Security
- Internet Control Message Protocol (ICMP)
- TCP/IP in Mobile Communications
- Penetration Testing Methodologies
- Introduction to Penetration Testing
- Types of Penetration Testing
- Phases of Penetration Testing
- Penetration Testing Consultants
- Ethics of a Licensed Penetration Tester
- Communication Skills of a Penetration Tester
- LPT Audited Logos
- Customers and Legal Agreements
- Why Do Organizations Need Pen Testing?
- Penetration Testing ‘Rules of Behavior’
- Legal Issues in Penetration Testing
- How Much to Charge?
- Rules of Engagement
- Rules of Engagement (ROE)
- Clauses in ROE
- Steps for Framing ROE
- Penetration Testing Planning and Scheduling
- Test Plan and Its Purpose
- Content of a Test Plan
- Building a Penetration Test Plan
- Test Plan Identifier
- Test Deliverables
- Penetration Testing Planning Phase: Define the Pen Testing Scope
- Staffing
- Kickoff Meeting
- Develop the Project Plan
- Pre-penetration Testing Steps
- Pre-penetration Testing Steps
- Information Gathering
- What Is Information Gathering?
- Information Gathering Terminologies
- Information Gathering Steps
- Vulnerability Analysis
- What Is Vulnerability Assessment?
- Why Assessment
- Vulnerability Classification
- Types of Vulnerability Assessment
- How to Conduct a Vulnerability Assessment
- How to Obtain a High Quality Vulnerability Assessment
- Vulnerability Assessment Phases
- Vulnerability Analysis Stages
- Comparing Approaches to Vulnerability Assessment
- Characteristics of a Good Vulnerability Assessment Solution
- Vulnerability Assessment Considerations
- Vulnerability Assessment Reports
- Vulnerability Report Model
- Timeline
- Types of Vulnerability Assessment Tools
- Choosing a Vulnerability Assessment Tool
- Criteria for Choosing a Vulnerability Assessment Tool
- Best Practices for Vulnerability Assessment Tools
- Vulnerability Assessment Tools
- Report
- Vulnerability Analysis Chart
- External Penetration Testing
- External Intrusion Test and Analysis
- Why Is It Done?
- Client Benefits
- External Penetration Testing
- Steps for Conducting External Penetration Testing
- Recommendations to Protect Your System from External Threats
- Internal Network Penetration Testing
- Internal Testing
- Steps for Internal Network Penetration Testing
- Recommendations for Internal Network Penetration Testing
- Firewall Penetration Testing
- What Is a Firewall?
- What Does a Firewall Do?
- Packet Filtering
- What Can’t a Firewall Do?
- How Does a Firewall Work?
- Firewall Logging Functionality
- Firewall Policy
- Periodic Review of Information Security Policies
- Firewall Implementation
- Build a Firewall Ruleset
- Maintenance and Management of Firewall
- Hardware Firewall
- Software Firewall
- Types of Firewalls
- Firewall Penetration Testing Tool: Firewall Test Agent
- Firewall Penetration Testing Tools
- Firewall Ruleset Mapping
- Best Practices for Firewall Configuration
- Steps for Conducting Firewall Penetration Testing
- Document Everything
- IDS Penetration Testing
- Introduction to IDS
- Application-based IDS
- Multi-Layer Intrusion Detection Systems
- Multi-Layer Intrusion Detection System Benefits
- Wireless Intrusion Detection Systems (WIDSs)
- Common Techniques Used to Evade IDS Systems
- IDS Penetration Testing Steps
- Recommendations for IDS Penetration Testing
- Password Cracking Penetration Testing
- Password - Terminology
- Importance of Passwords
- Password Types
- Common Password Vulnerabilities
- Password Cracking Techniques
- Types of Password Attacks
- How Are Passwords Stored in Windows?
- LM Authentication
- NTLM Authentication
- Kerberos Authentication
- LM, NTLMv1, and NTLMv2
- How Are Passwords Stored in Linux?
- Steps for Password Cracking Penetration Testing
- Social Engineering Penetration Testing
- What Is Social Engineering?
- Social Engineering Pen Testing
- Impact of Social Engineering on the Organization
- Common Targets of Social Engineering
- Requirements of Social Engineering
- Steps in Conducting Social Engineering Penetration Test
- Web Application Penetration Testing
- Introduction to Web Applications
- Web Application Components
- Web App Pen Testing Phases
- Testing for Web Server Vulnerabilities
- Testing Configuration Management
- Testing for Client-side Vulnerabilities
- Testing Authentication Mechanism
- Testing Session Management Mechanism
- Testing Authorization Controls
- Testing Data Validation Mechanism
- Testing Web Services
- Testing for Logic Flaws
- SQL Penetration Testing
- Introduction to SQL Injection
- How Do Web Applications Work?
- How Does SQL Injection Work?
- SQL Injection Attack Paths
- Impact of SQL Injection Attacks
- Types of SQL Injection Attacks
- SQL Injection Attack Characters
- SQL Injection Cheat Sheet
- SQL Injection Penetration Testing Steps
- Best Practices to Prevent SQL Injection
- Penetration Testing Reports and Post Testing Actions
- Penetration Testing Deliverables
- Writing Pen Testing Report
- Pen Testing Report Format
- Result Analysis
- Post Testing Actions
- Report Retention
- Self-Study Module
- Router and Switches Penetration Testing
- Wireless Network Penetration Testing
- Denial-of-Service
- Stolen Laptop, PDAs, Cell Phones Penetration Testing
- Source Code Penetration Testing
- Physical Security Penetration Testing
- Surveillance Camera Penetration Testing
- Database Penetration Testing
- VoIP Penetration Testing
- VPN Penetration Testing
- Cloud Penetration Testing
- Virtual Machine Penetration Testing
- War Dialing
- Virus and Trojan Detection
- Log Management Penetration Testing
- File Integrity Checking
- Mobile Devices Penetration Testing
- Telecommunication and Broadband Communication Penetration Testing
- Email Security Penetration Testing
- Security Patches Penetration Testing
- Data Leakage Penetration Testing
- SAP Penetration Testing
- Standards and Compliance
- Information System Security Principles
- Information System Incident Handling and Response
- Information System Auditing and Certification
Objectives
In the five-day EC-Council Certified Security Analyst (ECSA) course, you learn to specialize as a penetration tester. The interactive, hands-on course uses EC-Council iLabs and teaches you to carry out penetration tests by simulating a realistic security environment. You also learn how to apply these skills as effectively as possible to protect and defend your organization against outside attacks.
The penetration testing skills taught can be applied in many modern infrastructures, operating systems, and application environments.
The modules in the curriculum include:
- Vulnerability Analysis
- SQL Penetration Testing
- Database Penetration Testing
- Cloud Penetration Testing
Note on seminar times and seminar schedule:
- the theory portion is worked through each morning
- the theory is put into practice each afternoon
- seminar hours are Monday to Friday, 9:00 to 17:00
- a corresponding report is prepared each day and sent to EC-Council in summarized form on Friday. This report is required for exam registration
Prerequisites
The following knowledge is recommended for this seminar:
- experience with Windows and/or Unix/Linux
- good knowledge of TCP/IP and networking
- attending the seminar ETHACK EC-Council Certified Ethical Hacking is recommended but not mandatory.