Course: CREST CPSA Exam Preparation

The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, which is an entry level qualification that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level below that; of the main CRT and CCT qualifications.

Module 1: Soft Skills and Assessment Management

Lessons:

• Engagement Lifecycle
• Law and Compliance
• Scoping
• Understanding, Explaining and Managing Risk
• Record Keeping, Interim Reporting and Final Results

Review Questions

Module 2: Core Technical Skills

Lessons:

• IP Protocols
• Network Architectures
• Network mapping and Target Identification
• Filtering Avoidance Techniques
• OS Fingerprinting
• Application Fingerprinting and Evaluating Unknown Services
• Cryptography
• Applications of Cryptography
• File System Permissions
• Audit Techniques

Review Questions

Module 3: Background Information Gathering and Open Source

Lessons:

• Registration Records
• Domain Name Server (DNS)
• Google Hacking and Web Enumeration
• Information Leakage from Mail Headers

Review Questions

Module 4: Networking Equipment

Lessons:

• Management Protocols
• Network Traffic Analysis
• Networking Protocols
• IPsec
• VoIP
• Wireless
• Configuration Analysis

Review Questions

Module 5: Microsoft Windows Security Assessment

Lessons:

• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Passwords
• Windows Vulnerabilities
• Windows Patch Management Strategies
• Desktop Lockdown
• Exchange
• Common Windows Applications

Review Questions

Module 6: UNIX Security Assessment

Lessons:

• User Enumeration
• UNIX/Linux Vulnerabilities
• FTP
• Sendmail/SMTP
• Network File System (NFS)
• R-Services
• X11
• RPC Services
• SSH

Review Questions

Module 7: Web Technologies

Lessons:

• Web Server Operation & Web Servers and Their Flaws
• Web Enterprise Architectures
• Web Protocols
• Web Markup Languages
• Web Programming Languages
• Web Application Servers
• Web APIs
• Web Sub-Components

Review Questions

Module 8: Web-Testing Methodologies

Lessons:

• Web Application Reconnaissance
• Threat Modelling and Attack Vectors
• Information gathering from Web Mark-up
• Authentication Mechanisms
• Authorisation Mechanisms
• Input Validation
• Information Disclosure in Error Messages
• Use of Cross Site Scripting (XSS)
• Use of Injection Attacks
• Session Handling
• Encryption
• Source Code Review

Review Questions

Module 9: Web Testing Techniques

Lessons:

• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Parameter Manipulation

Review Questions

Module 10: Databases

Lessons:

• Databases
• Microsoft SQL Server
• Oracle RDBMS
• MySQL

Review Questions

Course: CREST CRT Exam Preparation

The CREST Registered Penetration Tester examination is recognized by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

Module 1: Core Technical Skills

Labs:

• Network Mapping and Target Identification
• Interpreting Tool Output
• OS Fingerprinting
• Application Fingerprinting and Evaluating Unknown Services
• File System Permissions

Module 2: Background Information gathering and Open Source

Labs:

• Domain Name Server (DNS)

Module 3: Networking Equipment

Labs:

• Management Protocols

Module 4: Microsoft Windows Security Assessment

Labs:

• Domain Reconnaissance and Active Directory
• User Enumeration
• Windows Vulnerabilities and Common Windows Applications

Module 5: UNIX Security Assessment

Labs:

• User Enumeration
• UNIX Vulnerabilities
• FTP
• Sendmail/SMTP
• Network File System (NFS)
• R-Services
• X11
• RPC Services
• SSH

Module 6: Web Technologies

Labs:

• Web Server Operation
• Web Servers and Their Flaws
• Web Protocols
• Web Application Servers

Module 7: Web Testing Techniques

Labs:

• Web Site Structure Discovery
• Cross Site Scripting Attacks
• SQL Injection
• Parameter Manipulation

Module 8: Databases

Labs:

• Microsoft SQL Server
• Oracle RDBMS
• MySQL

Candidates over the age of 18 are eligible to enrol in the programme, having minimum 1-2 years working experience in a related field and can demonstrate good knowledge of the English language.

The CREST CRT certification is granted to all who have obtained the following two certifications.

1. CREST Practitioner Security Analyst (CPSA)
2. CREST Registered Penetration Tester (CRT)

Yes. This programme is 100% online. Students can do it from the comfort of their own home or wherever they have a computer and internet.

CREST Practitioner Security Analyst

The examination is a multiple choice written assessment and is a pre-requisite for sitting the CREST Registered Penetration Tester examination.  The examination is delivered at Pearson Vue test centres.

CREST Registered Penetration Tester

The CREST Registered penetration tester exam is a practical assessment where the candidate will be expected to find known vulnerabilities across common network, application and database technologies and a multiple choice section aimed at assessing the candidates technical knowledge and is delivered at a CREST examination centre.