Learning Objectives

With the completion of this course, participants will:

• Execute risk-based mitigation strategies for networks, operating systems and applications
• Compiling and tracking vulnerabilities and mitigation results to quantify program effectiveness
• Creating and maintaining vulnerability management policies, procedures and training
• Reviewing and defining requirements for information security solutions
• Organizing network-based scans to identify possible network security attacks and host-based scans to identify vulnerabilities in workstations, servers and other network hosts.

Who Should Attend?

• Professionals who will be pursuing a career in Vulnerability Assessment and Penetration Testing
• Prerequisite: Basic Knowledge of OS, Network Operations.

Prerequisites & Exams

Recommended Prerequisites:

Minimum Diploma Level is recommended.

Before attending this course, students must have:

• Demonstrate familiarity with basic Operating system and Networking concept
• Knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools and to interpret the results to locate security vulnerabilities.

Certification Exam

The CREST Practitioner Security Analyst (CPSA) is an entry level exam that tests a candidate’s knowledge in assessing operating systems and common network services.

The examination covers a common set of core skills and knowledge. The candidate must demonstrate that they have the knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools and to interpret the results to locate security vulnerabilities.

CPSA candidates will be able to demonstrate that they are qualified for hands on Pen Test Roles (indicative of 2 years experience).

he CPSA has no pre-requisite but a valid CPSA certification is the pre-requisite for the CRT.

Number of Questions : 120

Duration : 2 Hours

Format : Multiple choice questions

Location : Pearson Vue Testing Center

Passing Score

Successful candidates must score 60% of the available marks. That is:

– at least 72 marks from the written component (possible total: 120 marks)

Course Outline

Day 01

1. Network monitoring and Vulnerability Assessment

• 1.1. Introduction to Vulnerability Assessment
• 1.2. Components of Vulnerability Analysis and Network Monitoring tools
• 1.3. Review of Vulnerable Assessment

2. Vulnerability Assessment and Organisational Impact

• 2.1. Vulnerability Assessment Report
• 2.2. Interpretation of vulnerability scan results
• 2.3. Critical Areas of Assessment

3. Vulnerability Management and Review Techniques

• 3.1. Vulnerability Management
• 3.2. Threat Modelling
• 3.3. Continuous monitoring of attack vectors

Day 02

4. Application Vulnerability assessment

• 4.1. Dynamic Application Review
• 4.2. Static Application Review
• 4.3. Critical Areas of Assessment

5. Penetration Testing Methodologies and Tools

• 5.1. Scope, objective and target of Penetration Test
• 5.2. Configuring the penetration test tools
• 5.3. Perform Penetration Test
• 5.4. Critical Area of Assessment

Day 03

6. Evaluate current systems and tools for emerging threats

• 6.1. Threat Intelligence
• 6.2. Red Teaming
• 6.3. Security and Compliance standards
• 6.4. Security and Compliance templates

7. Penetration Test Reports and Security Improvement

• 7.1. Reports Templates for penetration test results
• 7.2. Configuring Customized Reports
• 7.3. Security Improvement Process Countermeasures