courses-BG-01

ECSA Practical

EC-Council Certified Security Analyst (Practical)

ECSA (Practical)

about-us-section-divider

About the EC-Council Certified Security Analyst (Practical)

ECSA (Practical) is a 12-hour, rigorous practical exam built to test your penetration testing skills.
ECSA (Practical) presents you with an organization and its network environment, containing multiple hosts. The internal network consists of several subnets housing various organizational units. It is made up of militarized and demilitarized zones, connected with a huge pool of database servers in a database zone. As a security precaution, and by design, all the internal resource zones are confi­gured with different subnet IPs. The militarized zone houses the domain controllers and application servers that provide application frameworks for various departments of the organization.

The candidates are required to demonstrate the application of the penetration testing methodology that is presented in the ECSA program, and are required to perform a comprehensive security audit of an organization, just like in the real world. You will start with challenges requiring you to perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch, and post exploitation maneuvers.

The World’s First Penetration Testing Industry Readiness Assessment That Is 100% Verified, Online, Live, Proctored!

The ECSA (Practical) tests your ability to perform threat and exploit research, understand exploits in the wild, write your own exploits, customize payloads, and make critical decisions at different phases of a pen testing engagement that can make or break the whole assessment. You will also be required to create a professional pen testing report with essential elements and guidance for the organization in the scenario to act on.

ECSA (Practical) Credential Holders Are Proven To Be Able To:

  • Perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch and post exploitation maneuvers.
  • Customize payloads
  • Make critical decisions at different phases of a pen-testing engagement
  • Perform advanced network scans beyond perimeter defenses
  • Perform automated and manual vulnerability analysis
  • Customization, launch, and post exploitation maneuvers
  • Perform a full fledged Penetration Testing engagement
  • Create a professional pen-testing report
  • Demonstrate the application of penetration testing methodology presented in the ECSA program

ECSA (Practical) Training Program: Penetration Testing

The preparatory course for this certification is the EC-Council Certified Security Analyst (ECSA) course. While there is no additional course or training required after the ECSA, we strongly recommend that you attempt the ECSA (Practical) exam only if you have attended the current ECSA course/equivalent. The aim of this credential is to help set gifted penetration testing practitioners apart from the crowd.

Who Is It For?Eligibility CriteriaApplication ProcessExam Sanctity

Who Is It For?

  • Ethical Hackers
  • Penetration Testers
  • Network server administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment professionals

Eligibility Criteria:

To be eligible to apply to sit for the ECSA (Practical) Exam, candidate must either:

  • Be an ECSA (any version) member in good standing (Your USD 100 application fee will be waived);
  • or Have a minimum of 2 years working experience in InfoSec domain (You will need to pay USD 100 as a non-refundable application fee);
  • or Have any other industry equivalent certifications such as OSCP or GPEN cert (You will need to pay USD 100 as a non-refundable application fee).

Application Process

  • Applicants must apply directly to EC-Council via the online web form Click here
  • If further information is requested from the applicant after the application is submitted and 90 days pass with no response from the applicant, the application will be automatically rejected and a new form will have to be submitted.
  • On an average an application processing time would be between 5-10 working days once the verifiers on the application respond to EC-Council’s requests for information.
  • On the application, there is a section for the applicant to list a boss, supervisor, or department lead who will act as their verifier. EC-Council reaches out to the listed verifier to confirm the applicant’s experience.
  • If the application is approved, the applicant will be sent instructions on purchasing the exam kit from EC-Council directly.
  • If application is not approved, the application fee of USD 100 will not be refunded.
  • The approved application is valid for 3 months from the date of approval so the candidate must purchase the exam kit worth $600 within 3 months. After the kit is released, the applicant has 3 months to use the codes.
  • Should you require the exam code validity to be extended, kindly contact [email protected] before the expiry date. Only valid/ active codes can be extended.
  • An application extension request will require the approval of the Director of Certification, you can send in your request to [email protected]

Exam Sanctity

The trust that the industry places in our credentials is very important to us. We see it as our duty to ensure that the holders of this credential are proven, “hands on”, penetration testers who are able to perform in the real world to solve real world challenges.

As such, the ECSA (Practical) is designed as a hands-on exam that will test the skills of the penetration tester BEYOND just their knowledge.

This exam is an online, proctored, practical exam that can last up to 12 hours.

We know that travelling to an exam center can be difficult for many. As such, we are pleased to announce that you can take the ECSA (Practical) exam from the comfort of your home, but you need to be prepared to be proctored by a dedicated EC-Council Proctor certification team under strict supervision.

Need Training?

EC-Council’s Official delivery platform includes your study material, iLabs (virtual labs) and gives you the most flexible options for training to fit your busy work schedule!

FREQUENTLY ASKED QUESTIONS

about-us-section-divider

1. What is the eligibility criteria to apply for the ECSA (Practical) exam?

To be eligible to apply to take the ECSA (Practical) Exam, candidate must either:

  • Be an ECSA member in good standing (Your USD100 application fee will be waived);
  • or Have a minimum of 2 years work experience in pentesting (You will need to pay USD100 as a non-refundable application fee);
  • or Have any other industry equivalent certifications such as OSCP or GPEN cert (You will need to pay USD100 as a non-refundable application fee).

2. How long does the application process take?

On an average, application processing time would be between 5-10 working days once the verifiers on the application respond to EC-Council’s requests for information.

3. Is the $100 application fee refundable?

No, the $100 application fee is not refundable

4. For how long is the approved application valid for?

The application process is valid for 3 months from the date of approval.

5. Is the application form mandatory for all test takers?

Yes, the application form is mandatory for all test takers who want to take the exam directly without undergoing training.

6. What is the next step once the application is approved?

Once your application is approved you can proceed to purchase your exam voucher either from EC-Council Online Store or from one of our authorised training channels.

7. What will I receive as part of my purchase towards the ECSA (Practical) exam?

You will receive an Aspen Dashboard access code with instructions as part of your purchase towards the ECSA (Practical) exam.

8. For how long is the Aspen Dashboard access code valid for?

The Aspen Dashboard access code is valid for 3 months from the date of receipt.

9. For how long is the Aspen Dashboard access valid for?

The Aspen Dashboard access is valid for 15 days from the day it is unlocked using a valid key.

10. What does the Dashboard consist of?

The Dashboard consists of:

  • Detailed Instruction guide
  • Exam scheduling service
  • Exam launching service
  • Exam progress tracking
  • Sample report templates
  • Report submission
  • Status of report

11. What is the structure of the exam?

The candidate is required to complete the pen-testing challenge and submit their pen-testing report to complete the exam.

12. What is the duration of the exam?

The exam challenge is a 12-hour session.

13. What is the passing criteria for the exam?

The candidate needs to complete a minimum of 5 out of the 8 challenges successfully in order to pass the ECSA (Practical) Exam.

14. How much notice is required to book the exam session?

Sessions should be booked at least 3 days in advance of the desired exam date.

Note: All exam sessions are proctored by EC-Council Certification department.

15. What are the important things to keep in mind before I schedule my exam?

Once you are ready to proceed with your exam, please ensure you understand the below:

  • Cancellation requests are to be made 24 hours in advance.
  • Rescheduling is possible 72 hours prior to the exam session
  • Candidate has a grace period of 15 minutes to show up for the exam session.
  • After 3 no-show cases, the candidate will be required to seek special permission from the Director – Certification to proceed with their attempt.
  • FAQs on exam proctoring will be available at https://proctor.examspecialists.com/User/FAQ.aspx

16. What is the retake policy?

Retake exam requests can only be purchased by writing to [email protected], should a candidate fail the exam.

Note: The challenges as well as the report are required to be submitted within the 15 days window. This includes re-attempts if any.

17. Can the report submission be extended?

Report submission can be extended for 7 days only, by paying $100 as long as the dashboard is active

Note: Should the dashboard expire the candidate will need to purchase a new kit for $600. (This applies even if the candidate has passed the exam challenge)

18. Is the ECSA (Practical) a part of the EC-Council Continuing Education Scheme?

Yes, the ECSA (Practical) is a part of the EC-Council Continuing Education Scheme.

GET CERTIFIED