You are an ethical hacker. In fact, you are a Certified Ethical Hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep. You have sufficient knowledge and an arsenal of hacking tools and you are also proficient in writing custom hacking code.

Is that enough?

Can you become an industry accepted security professional? Will organizations hire you to help them protect their systems? Do you have any knowledge in applying a suitable methodology to conduct a penetration test for an enterprise client?

About The Course

The ECSA penetration testing certification is a security credential like no other!

The ECSA penetration testing course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

About the ProgramAbout the ExamCourse OutlineWho Is It For?

About the Program

The ECSA pentest program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in the CEH by utilizing EC-Council’s published penetration testing methodology

  • Focuses on pentesting methodology with an emphasis on hands-on learning
  • The exam will now have a prerequisite of submitting a pentesting report
  • The goal of these changes is to make passing ECSA more difficult; therefore making it a more respected certification

About the Exam

From the commencement of the 5 day class and the activation of the ECSA Dashboard on ASPEN, you will have 60 days in total to submit your penetration testing report based on the challenge scenario to EC-Council, which will prove that you undestand the concepts thought in the course. This is the eligibility criterion to enable you to challenge the ECSA exam.

The Final ECSA Exam is a Multiple Choice Question Exam.

You will have 60 days to submit your pentesting report at your Aspen Dashboard.

You will have 30 days to complete your pentesting challenges at the iLabs portal.

The ECSA v9 exam includes 2 required stages.

Report writing stage requires candidates to perform various penetration testing exercises on EC-Council’s iLabs before submitting a penetration test report to EC-Council for assessment. Candidates that submit reports to the required standards will be provided with exam vouchers for the multiple choice exam.

Multiple choice exams are proctored online through the EC-Council Exam portal:

ECSA v9 Exam info:

  • Credit Towards Certification: ECSA v9
  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration: 4 Hours

Course Outline

  • Security Analysis and Penetration Testing Methodologies
  • TCP IP Packet Analysis
  • Pre-penetration Testing Steps
  • Information Gathering Methodology
  • Vulnerability Analysis
  • External Network Penetration Testing Methodology
  • Internal Network Penetration Testing Methodology
  • Firewall Penetration Testing Methodology
  • IDS Penetration Testing Methodology
  • Web Application Penetration Testing Methodology
  • SQL Penetration Testing Methodology
  • Database Penetration Testing Methodology
  • Wireless Network Penetration Testing Methodology
  • Mobile Devices Penetration Testing Methodology
  • Cloud Penetration Testing Methodology
  • Report Writing and Post Test Actions

Who Is It For?

  • Ethical Hackers
  • Penetration Testers
  • Network server administrators
  • Firewall Administrators
  • Security Testers
  • System Administrators and Risk Assessment professionals

Need Training?

EC-Council’s Official delivery platform includes your exam, iLabs (online labs) and gives you the most flexible options for training to fit your busy work schedule! With this option, you will not have to apply and prove 2 years IT Security experience to test.



1. Do I need CEH to enroll for ECSA course?

You do not need to be certified with CEH in order enroll for ECSA course. However, CEH is strongly recommended. If you do not have core ethical hacking skills, this course is not for you.

2. When is my Penetration Testing Report due?

Please note that upon activation of your ECSA Dashboard, your ilabs Access timer will commence and the access will terminate within 30 days thereon. As such, you will have 30 days from thereon to complete your penetration testing activities on the EC-Council iLabs Cyber Range.

You must submit your final report on the ASPEN portal within 60 days of the activation of your ECSA Dashboard and ONLY if your report is approved, will you be issued with an exam voucher code (with the validity period of one year from the date of release) to allow you to attempt the final ECSA multiple choice exam.

3. When must I take the ECSA exam?

You must challenge the exam within 3 months from the date you receive your exam voucher.

4. How do I access my 30 DAY iLabs Access?

To activate your ECSA Practical Range, you will need to login to iLabs and access the ECSA Practical course assignment.

Click HERE to register an account: (In the event you already have an iLabs account; you are still required to register a new account in order to activate your ECSA Cyber Range)

Once you have created an iLabs account, you will need to redeem your iLabs access code under the “My Training” tab in iLabs after logging in. Your iLabs access code will be sent to your registered email id upon activation of the ECSA dashboard, The iLabs access is valid for 30 days upon activation.

5. How do I register for an ASPEN account?

Step 1: Visit:

Step 2: Click Register and fill out the registration form. Click Register button.

Step 3: Using the email you provided in step 2, follow the instructions in the auto-generated email to activate your EC-Council Aspen Portal account.

6. How do I submit my Final Penetration Testing Report?

Step 1: Login to your Aspen account

Step 2: Click on ECSA v9 Dashboard

Step 3: Click on Submit Assignment

Step 4: Upload your report and click Submit

A notification will appear on the screen that your report has been successfully submitted. The same notification will be sent by Aspen to your email.

7. When will I know if my report meets the exam requirement?

EC-Council decision will be sent out within 7 working days from the date of report submission.

8. How many days do I have to complete my exams (both report submission and multiple choice exam)?

You have 60 days from the activation of your ECSA Dashboard to complete and submit your penetration testing report. As for the multiple choice exam, you have 90 days from the date your report is approved to complete the multiple choice exam.

9. What if my penetration test report does not meet the minimum requirement?

You can resubmit another report by purchasing the retake package (consists of a 60 day report submission access and/or iLabs access (60 days) – depending on the package).