Certified Security Analyst (ECSA)
Credential: Certified Security Analyst (ECSA)
Credentialing Agency: International Council of Electronic Commerce Consultants (EC-Council)
Renewal Period: 3 years
The EC-Council Certified Security Analyst (ECSA) credential, offered by the International Council of Electronic Commerce Consultants (EC-Council), validates the skills-based competency of a penetration tester. The ECSA, which builds on the Certified Ethical Hacker skills, covers the testing of modern infrastructures, operating systems, and application environments. Candidates must meet a combination of training and experience requirements and must pass a written exam.
More information can be found on the certifying agency's website.
MINIMUM REQUIREMENTS
Attainability:
Eligibility Requirements
- Credential Prerequisite
- Experience: 2 years
- Education
- Training
- Membership
- Other
- Fee
Note: This credential may have multiple options for a Service member to meet eligibility requirements. Requirements listed here are based on the minimum degree required. To view other options, see the Eligibility tab.
Exam Requirements
- Exam
- Written Exam
- Oral Exam
- Practical Exam
- Performance Assessment
Exam Administration
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
RECERTIFICATION SUMMARY
Renewal Period: 3 years
AGENCY CONTACT INFORMATION
International Council of Electronic Commerce Consultants (EC-Council)
101C Sun Avenue NE
Albuquerque, NM 87109
Phone: 1-844-662-3509
Email: Johanna.pirolo@eccouncil.org
Training and/or Experience REQUIREMENTS
Option 1: Candidate must have attended an official ECSA instructor-led online live training course, academic learning, or been certified in a previous version of the credential.
Option 2: Candidate must have at least two years of information security-related experience.
Other REQUIREMENTS
The Certified Security Analyst (ECSA) credential has the following other requirements:
- Candidate must be at least 18 years of age unless he or she provides the accredited training center/EC-Council with the written consent of a parent/legal guardian and a supporting letter from an institution of higher learning. Only candidates from a nationally accredited institution of higher learning shall be considered.
Written Exam
- Penetration Testing Essential Concepts
  - Computer Network Fundamentals
  - Network Security Controls and Devices
  - Windows and Linux Security
  - Web Application and Web Server Architecture and Operations
  - Web Application Security Mechanisms
  - Information Security Attacks
  - Information Security Standards
- Penetration Testing Scoping and Rules and Engagement
  - Penetration Testing Process and Methodologies & Benefits
  - Types, Areas and Selection of Pentesting
- Penetration Testing Scoping and Engagement Methodology
  - Penetration Testing Scoping and Rules and Engagement
  - Penetration Testing Engagement Contract and Preparation
- Open-Source Intelligence (OSINT) Methodology
  - Open-Source Intelligence (OSINT) Methodology
  - Automating your OSINT Effort Using Tools/Frameworks/Scripts
- Social Engineering Penetration Testing Methodology
  - Social Engineering Penetration Testing Techniques & Steps
  - Social Engineering Penetration testing using E
- External Network Information & Reconnaissance
  - External Network Information & Reconnaissance
  - Scanning, and Exploitation
- Network Penetration Testing Methodology – Internal
  - Internal Network Information Reconnaissance and Scanning
  - Internal Network Enumeration and Vulnerability Scanning
  - Local and Remote System Exploitation
- Network Penetration Testing Methodology – Perimeter Devices
  - Firewall Security Assessment Techniques
  - IDS Security Assessment Techniques
  - Router and Switch Security Assessment Techniques
- Web Application Penetration Testing Methodology
  - Web Application Content Discovery and Vulnerability Scanning
  - SQL Injection Vulnerability Penetration Testing
  - XSS, Parameter Tampering, Weak Cryptography, Security Misconfiguration and Client-Side Scripting Vulnerabilities Penetration Techniques
  - Authentication, Authorization, Session, Web Server Vulnerabilities Penetration Testing
- Database Penetration Testing Methodology
  - Database Penetration Testing Techniques & Information Reconnaissance
  - Database Enumeration & Exploitation
- Wireless Penetration Testing Methodology
  - WLAN Penetration Testing Techniques
  - RFID and NFC Penetration Testing Techniques
  - Mobile Device Penetration Testing Techniques
  - IoT Penetration Testing Techniques
- Cloud Penetration Testing Methodology
  - Cloud Specific Penetration Testing Techniques and Recommendations
  - Cloud Specific Penetration Testing Methods
- Report Writing and Post Testing Actions
  - Penetration Testing Report Writing Process
  - Penetration Testing Reporting Formats
Exam Preparation Resources
There are a number of resources available to help you prepare for the Certified Security Analyst (ECSA) examination:
- Best Sources
- Related Courses
An additional resource is O'Reilly Learning Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources section on the Related Sites page here on COOL to learn how to get free access.
Testing Information
Exam Administration
Credential exams may be administered in-person at a testing site, proctored on-line remotely, or have options for both. If an exam is administered through a test vendor, the third-party test vendor box will be checked. The following test administration options apply to the Certified Security Analyst (ECSA) credential where checked:
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor
For more information on the International Council of Electronic Commerce Consultants (EC-Council) testing process, visit the agency website.
Third-Party Test Vendor Information
Testing for this credential is handled by the following vendors:
Pearson VUE
The test centers are located in the U.S. They also have some test centers on military bases.
To find out more, use the following links on the Pearson VUE website:
- Search for Testing Program
- Learn About Testing for Military Communities
- Agency/Certification Specific Testing Information
- Contact Pearson VUE
ProctorU
The test centers are located in the U.S.
To find out more, use the following links on the ProctorU website:
RECERTIFICATION
Certified Security Analyst (ECSA)
Renewal Period: 3 years