Description

Module 1: Soft Skills and Assessment Management
Lessons:
Engagement Lifecycle
Law and Compliance
Scoping
Understanding, Explaining and Managing Risk
Record Keeping, Interim Reporting and Final Results
Review Questions

Module 2: Core Technical Skills
Lessons:
IP Protocols
Network Architectures
Network mapping and Target Identification
Filtering Avoidance Techniques
OS Fingerprinting
Application Fingerprinting and Evaluating Unknown Services
Cryptography
Applications of Cryptography
File System Permissions
Audit Techniques
Review Questions

Module 3: Background Information Gathering and Open Source
Lessons:
Registration Records
Domain Name Server (DNS)
Google Hacking and Web Enumeration
Information Leakage from Mail Headers
Review Questions

Module 4: Networking Equipment
Lessons:
Management Protocols
Network Traffic Analysis
Networking Protocols
IPsec
VoIP
Wireless
Configuration Analysis
Review Questions

Module 5: Microsoft Windows Security Assessment
Lessons:
Domain Reconnaissance
User Enumeration
Active Directory
Windows Passwords
Windows Vulnerabilities
Windows Patch Management Strategies
Desktop Lockdown
Exchange
Common Windows Applications
Review Questions

Module 6: UNIX Security Assessment
Lessons:
User Enumeration
UNIX/Linux Vulnerabilities
FTP
Sendmail/SMTP
Network File System (NFS)
R-Services
X11
RPC Services
SSH
Review Questions

Module 7: Web Technologies
Lessons:
Web Server Operation & Web Servers and Their Flaws
Web Enterprise Architectures
Web Protocols
Web Markup Languages
Web Programming Languages
Web Application Servers
Web APIs
Web Sub-Components
Review Questions

Module 8: Web-Testing Methodologies
Lessons:
Web Application Reconnaissance
Threat Modelling and Attack Vectors
Information gathering from Web Mark-up
Authentication Mechanisms
Authorisation Mechanisms
Input Validation
Information Disclosure in Error Messages
Use of Cross Site Scripting (XSS)
Use of Injection Attacks
Session Handling
Encryption
Source Code Review
Review Questions

Module 9: Web Testing Techniques
Lessons:
Web Site Structure Discovery
Cross Site Scripting Attacks
SQL Injection
Parameter Manipulation
Review Questions

Module 10: Databases
Lessons:
Databases
Microsoft SQL Server
Oracle RDBMS
MySQL
Review Question

Audience Profile

• Penetration Tester
• Ethical hackers
• Red Team members
• Vulnerability Tester
• Security Analyst
• Vulnerability Assessment Analyst
• Network Security Operations

Prerequisites

Basic familiarity with Information Security.

Accreditation

On-Demand

On-Demand Training (Elearning) includes:

• Course Access: 1 Year
• 100% online course
• Instructor Email and One-To-One Online Support
• Mock Exam Preparation tests
• Student Community

What is included

Online and classroom delivery includes:

• 5 Days of Instructor Training
• Bonus: On-Demand Training (Elearning) Course
• CREST Exam Voucher is not included and can be purchased by ICSI upon request

Testimonials

You're in safe hands with ICSI. The combined knowledge of the business owners and course runners is second to none. The course material and access to labs are relevant to the CPSA exam. ICSI really care about their students and getting them to pass their exam is the number one priority. I feel really looked after.
--Joel Babb

Exam Information

Please visit CPSA FAQs - CREST (crest-approved.org) for more information

Learning Outcomes

The examination covers a common set of core skills and knowledge. The candidate must demonstrate that they have the knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools and to interpret the results to locate security vulnerabilities.