Security Analysis and Penetration Testing (SF) (Synchronous E-Learning)

Cybersecurity

Clientele

Security Analysis and Penetration Testing (SF) (Synchronous E-Learning)

Course Overview

A rigorous pen testing program that, unlike contemporary pen testing courses, teaches you how to perform effective penetration tests across filtered networks. The EC-Council course requires you to pen test IoT systems and OT systems, build your own exploits and tools, conduct advanced binary exploitation, double pivot to access hidden networks, and work with various technologies.

Learning Outcomes

Understand attack vectors, exploiting vulnerabilities, pivoting through networks, and defending systems to improve security posture.

Who Should Attend?

Technical Skills and Knowledge

Learners are recommended to attend Certified Ethical Hacker course prior to attend this course.

Some IT industry work experience or a degree in the IT field.
Some experience with Linux system administration advisable but not required.
Basic understanding of Virtualization, Networking and Databases and Cloud computing.

Working Experience

Recommended to have at least 1 year working experience in IT infrastructure support or IT infrastructure administration.

Course Prerequisite

Participants are recommended to attend CEH course before enrolling for this course.

Potential Roles

Penetration Tester/Consultant/Engineer
Security Penetration Testing Consultant/Architect
Vulnerability Assessment and Penetration Testing (VAPT) Analyst/Engineer
QA Security Tester
Web Application Penetration Tester
Penetration Test Lead
Network Penetration Testing Engineer

Course Outline

Lesson 1: Penetration Testing Essential Concepts

Computer Network Fundamentals
TCP/IP Protocol Suite IP Addressing and Port Numbers
Network Terminology
Network Security Controls
Network Security Devices
Network File System (NFS)
Windows Security
Unix/Linux Security
Virtualization
Web Servers
Web Applications
Web Markup and Programming Languages
Application Development Frameworks and Their Vulnerabilities
Web APIs
Web Subcomponents
Web Application Security Mechanisms
Common Information Security Attacks
Information Security Standards, Laws, and Acts

Lesson 2: Introduction to Penetration Testing and Methodologies

What Is Penetration Testing?
Benefits of Conducting a Penetration Test
ROI of Penetration Testing
How Penetration Testing Differs from Ethical Hacking
Comparing Security Audits, Vulnerability Assessments, and Penetration Testing
Types of Penetration Testing
Penetration Testing: Cost and Comprehensiveness
Selecting an Appropriate Testing Type
Different Methods of Penetration Testing
Selecting the Appropriate Method of Penetration Testing
Common Areas of Penetration Testing
Penetration Testing Phases
Penetration Testing Methodologies
Need for a Methodology
LPT Penetration Testing Methodology
Penetration Testing Essentials

Lesson 3: Penetration Testing Scoping and Engagement Methodology

Penetration Testing: Pre-engagement Activities
Pre-engagement Activities
Request for Proposal (RFP)
Preparing Response Requirements for Proposal Submission
Setting the Rules of Engagement (ROE)
Establishing Communication Lines: Identifying Key Contacts
Timeline
Time/Location
Frequency of Meetings
Time of Day
Identifying Who Can Help You
ROE Document
Handling Legal Issues in Penetration Testing Engagement
Penetration Testing Contract
Preparing for the Test
Handling Scope Creep During Penetration Testing

Lesson 4: Open-Source Intelligence (OSINT) Methodology

OSINT Gathering Steps
OSINT Through the World Wide Web (WWW)
OSINT Through Website Analysis
OSINT Through DNS Interrogation
Automating OSINT Efforts Using Tools, Frameworks, and Scripts

Lesson 5: Social Engineering Penetration Testing Methodology

Social Engineering Penetration Testing
Skills Required to Perform Social Engineering Pen Tests
Common Targets of Social Engineering Pen Tests
Do Remember: Before Conducting a Social Engineering Pen Test
Black Box or White Box?
Social Engineering Penetration Testing Steps
Social Engineering Penetration Testing Using Email Attack Vectors
Social Engineering Penetration Testing Using Telephone Attack Vectors
Social Engineering Penetration Testing Using Physical Attack Vectors

Lesson 6: Network Penetration Testing Methodology – External

Network Penetration Testing
External vs. Internal Penetration Testing
External Network Penetration Testing
Internal Network Penetration Testing
Network Penetration Testing Process
White, Black or Grey-box Network Penetration Testing?
External Network Penetration Testing Steps
Port Scanning
OS and Service Fingerprinting
Vulnerability Research
Exploit Verification

Lesson 7: Network Penetration Testing Methodology – Internal

Internal Network Penetration Testing
Why Conduct Internal Network Penetration Testing?
Internal Network Penetration Testing Steps
Footprinting
Network Scanning
OS and Service Fingerprinting
Enumeration
Vulnerability Assessment
Windows Exploitation
Unix/Linux Exploitation
Other Internal Network Exploitation Techniques
Automating Internal Network Penetration Test Efforts
Post-Exploitation

Lesson 8: Network Penetration Testing Methodology – Perimeter Devices

Steps for Firewall Penetration Testing
Steps for IDS Penetration Testing
Steps for Router Penetration Testing
Steps for Switch Penetration Testing
Assessing Firewall Security Implementation
Assessing IDS Security Implementation
Assessing Router Security
Assessing Switch Security

Lesson 9: Web Application Penetration Methodology

White Box or Black Box?
Web Application Penetration Testing
Web Application Security Framework
Security Framework vs. Vulnerabilities vs. Attacks
Web Application Penetration Testing Steps
Discover Web Application Default Content
Discover Web Application Hidden Content
Conduct Web Vulnerability Scanning
Identify the Attack Surface Area
Tests for SQL Injection Vulnerabilities
Tests for XSS Vulnerabilities
Tests for Parameter Tampering
Tests for Weak Cryptography
Tests for Security Misconfiguration
Tests for Client-Side Scripting Attacks
Tests for Broken Authentication and Authorization Mechanisms
Tests for Broken Session Management Vulnerabilities
Tests for Web Services Security
Tests for Business Logic Flaws
Tests for Web Server Vulnerabilities
Tests for Thick Client Vulnerabilities

Lesson 10: Database Penetration Testing Methodology

Database Penetration Testing Steps
Information Reconnaissance
Database Enumeration: Oracle
Database Enumeration: MS SQL Server
Database Enumeration: MySQL
Vulnerability and Exploit Research
Database Exploitation: Oracle
Database Exploitation: MS SQL Server
Database Exploitation: MySQL

Lesson 11: Wireless Penetration Testing Methodology

Wireless Penetration Testing
WLAN Penetration Testing Steps
RFID Penetration Testing Steps
NFC Penetration Testing Steps
Mobile Device Penetration Testing Steps
IoT Penetration Testing Steps
Wireless Local Area Network (WLAN) Penetration Testing
RFID Penetration Testing
NFC Penetration Testing
Mobile Device Penetration Testing
IoT Penetration Testing

Lesson 12: Cloud Penetration Testing Methodology

Distribution of Public Cloud Services: AWS, Azure, Google Clouds Are on TOP among others
Cloud Computing Security and Concerns
Security Risks Involved in Cloud Computing
Role of Penetration Testing in Cloud Computing
Do Remember: Cloud Penetration Testing
Scope of Cloud Pen Testing
Cloud Penetration Limitations
Cloud Specific Penetration Testing
Cloud Reconnaissance
Identify the Type of Cloud to be tested
Identify What to be Tested in Cloud Environment
Identify the Tools for Penetration Test
Identify What Allowed to be Tested in Cloud Environment
Identify Which Tests are Prohibited
AWS’s Provision for Penetration Testing
Azure’s Provision for Penetration Testing
Google Cloud’s Provision for Penetration Testing
Identify Date and Time for Penetration Test
Cloud Specific Penetration Testing
Recommendations for Cloud Testing

Lesson 13: Report Writing and Post Testing Actions

Penetration Testing Deliverables
Goal of the Penetration Testing Report
Types of Pen Test Reports
Characteristics of a Good Pen Testing Report
Writing the Final Report
Document Properties/Version History
Table of Contents/Final Report
Summary of Execution
Scope of the Project
Evaluation Purpose/System Description
Assumptions/Timeline
Summary of Evaluation, Findings and Recommendations
Methodologies
Planning
Exploitation
Reporting
Comprehensive Technical Report
Result Analysis
Recommendations
Appendices
Sample Appendix
Penetration Testing Report Analysis
Report on Penetration Testing
Pen Test Team Meeting
Research Analysis
Pen Test Team Meeting
Research Analysis
Pen Test Findings
Rating Findings
Analyze
Prioritize Recommendations
Delivery Penetration Testing Report
Cleanup and Restoration
Report Retention
Sign-off Document Template
Post-Testing Actions for Organizations

Course Fee (inclusive of 9% GST)

Individual

Criteria	Price inclusive of GST
Full Course Fee	$3,324.50
Singapore Citizens (SCs) and Permanent Residents (PRs) Funding Up to 50% of course fees	$1,799.50
SCs aged ≥ 40 years old ( SkillsFuture Mid-career Enhanced Subsidy ) Funding Up to 70% of course fees	$1,189.50

Company Sponsored (Non-SME)

Criteria	Price inclusive of GST
Full Course Fee	$3,324.50
Singapore Citizens (SCs) and Permanent Residents (PRs) Funding Up to 50% of course fees	$997.35
SCs aged ≥ 40 years old ( SkillsFuture Mid-career Enhanced Subsidy ) Funding Up to 70% of course fees	$1,799.50

Company Sponsored (SME)

Criteria	Price inclusive of GST
Full Course Fee	$3,324.50
Singapore Citizens (SCs) and Permanent Residents (PRs) Funding Up to 50% of course fees	$1,189.50
SCs aged ≥ 40 years old ( SkillsFuture Mid-career Enhanced Subsidy ) Funding Up to 70% of course fees	$1,189.50

SkilsFuture Credit

SSG-funded courses are eligible for SkillsFuture Credit. Singaporeans over the age of 25 can use their Skillsfuture credit to register in courses.

Post-Secondary Education Account (PSEA)

All Singaporeans aged under 31 are eligible to use their PSEA account for the following course.

Course Dates

Course Dates	Mode of Delivery	Duration
Contact Us	Online Live Learning (OLL)	5 Days

Course Dates

Course Dates	Mode of Delivery	Duration
2026	Online Live Learning (OLL)	5 Days
2026	Online Live Learning (OLL)	5 Days
2026	Online Live Learning (OLL)	5 Days
2026	Online Live Learning (OLL)	5 Days
2026	Online Live Learning (OLL)	5 Days

SSG Funding Requirements

All Trainees must take note of the following:

Must attend at least 75% of the course before being eligible to take the assessments.
Dynamic QR Code Attendance Taking:
a. Scan the QR Code that will be displayed by the Trainer on each session. Use your SingPass App to scan and submit your attendance. If you fail to do so, you will be deemed absent from that session.
b. The QR Code is only accessible on:
– Morning Session: between 9.00 am to 1.00 pm.
– Afternoon Session: between 2.00 pm to 6.00 pm.
Please take the attendance one at a time as the system can only register you one by one.
Sign daily on the Attendance Sheet as a backup if any technical glitch happens.
Submit Course Evaluation by the end of each module to help us improve the course and your future learning experience with us.

Certification

Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion by ITEL

Course Code: TGS-2023035643
Course Support Period: 6 July 23 – 31 January 27

Note: All certificate images are for illustrative purposes only and may be subject to change at the discretion of ITEL.

e-Statement of Attainment (SOA) from SkillsFuture Singapore (SSG)

Upon meeting attendance requirements and passing the assessment(s), participants will receive an e-Statement of Attainment (SOA) from SkillsFuture Singapore (SSG).

External Certification Exam

This course will also help prepare someone for the CPENT exam (optional).

FAQs

How can I become a Certified Penetration testing Professional?

The EC-Council’s Certified Penetration Testing Professional (CPENTAI) certification program is open to anyone who has a background in information security or holds the EC-Council Certified Ethical Hacker (CEH) certification or equivalent knowledge. To become a certified penetration testing professional, one must complete the CPENTAI certification exam by pursuing the CPENTAI program.

How does CPENTAI compare to other offensive security certifications?

CPENT AI goes beyond any other pen testing and offensive security certifications by offering complete hands-on pen testing methodology, enabling students to master end-to-end pen-testing phases and to complete any pen=testing assignment flawlessly. Any CPENT AI pen testing assignment requires 20% technical knowledge and 80% critical pen-testing skills like scoping, planning, legal requirements, and more. CPENTAI is the only offensive certification to cover AI skills in all pen-testing phases like, AI-powered attack simulations, social engineering, cloud, Active Directory testing, etc.

What jobs can I get after completing the CPENTAI certification program?

With CPENT AI being the core of advanced penetration testing training, one can apply for jobs as

Penetration Tester
Penetration testing Consultant
Penetration Testing Engineer
Security Penetration Testing Engineer
Vulnerability Assessment and Penetration Testing (VAPT) Analyst/Engineer
QA Security Tester
Web Application Penetration Tester
Vulnerability Assessment Specialist
Penetration Test Lead
Network Penetration Testing Engineer
Director of Technical Advisor

What does a CPENTAI do?

Penetration testers simulate cyberattacks on an organization’s network and computer systems. Their primary goal is to identify and exploit vulnerabilities before malicious hackers can do the same, helping organizations improve their security posture.

Why is pen testing important?

With growing cyberattacks, the need to strengthen the security posture of organizations is significant. Pen testing identifies and addresses vulnerabilities in a system that an attacker could exploit. Performing pen testing helps you identify which vulnerabilities are most critical, which are less important, and which are false positives.

Which sectors need a Pen tester?

Pen testers are in demand in almost all sectors, but the most important ones are banking, healthcare, utilities, technology, government agencies, finance and telecommunications.

Learner's Testimonials [x]

"Content"

Early registrations are encouraged.

5 Days

From S$997.35(After Eligible SSG Subsidies)

Security Analysis and Penetration Testing (SF) (Synchronous E-Learning)

Clientele

Security Analysis and Penetration Testing (SF) (Synchronous E-Learning)

Course Overview

Learning Outcomes

Who Should Attend?

Course Prerequisite

Potential Roles

Course Outline

Course Fee (inclusive of 9% GST)

SkilsFuture Credit

Post-Secondary Education Account (PSEA)

Course Dates

Course Dates

SSG Funding Requirements

Certification

e-Statement of Attainment (SOA) from SkillsFuture Singapore (SSG)

External Certification Exam

FAQs

How can I become a Certified Penetration testing Professional?

How does CPENTAI compare to other offensive security certifications?

What jobs can I get after completing the CPENTAI certification program?

What does a CPENTAI do?

Why is pen testing important?

Which sectors need a Pen tester?

Learner's Testimonials [x]

Related Courses

Certified Ethical Hacker (CEH)

CompTIA Security+

Cyber Forensics Investigator

Cyber Threat Intelligence Analyst

Download Security Analysis and Penetration Testing (SF) Brochure

Download Big Data Analytics (SF) Brochure (Testing)

Download Big Data Analytics (SF) Brochure (Testing)

Download Data Science and Machine Learning (SF) Brochure

Download CompTIA Security+ (SF) Brochure

Download Data Science and Machine Learning (SF) Brochure

Download Microsoft Certified Solutions Associate (MCSA) – 20742 (SF) Brochure

Download Microsoft Certified Solutions Associate (MCSA) – 20741 (SF) Brochure

Download Microsoft Certified Solutions Associate (MCSA) – 20740 (SF) Brochure

Download Business Analysis Professional (SF) (Synchronous E-Learning) Brochure

Download Microsoft Azure Security Technologies (SF) Brochure

Download Implementing SQL Database Administration (SF) Brochure

Download VMware Vsphere: Install, Configure, Manage (SF) Brochure

Download Design Mobile Applications on Android OS Platform (SF) Brochure

Download CompTIA Network+ (SF) Brochure

Download CompTIA Cloud Essentials+ (SF) Brochure

Download Big Data Analytics (SF) Brochure

Download Network Defender (SF) Brochure

Download ITIL® Foundation Certificate in Service Management (SF) Brochure

Download Project Management (SF) Brochure

Download Windows Server 2019 Administration (SF) Brochure

Download Windows Server 2019 Administration (SF) Brochure

Download Cloud Technology Solutions Architect Associate (SF) Brochure

Download Information Systems Security (SF) [OLL] Brochure

Download Microsoft Certified: Azure Fundamentals (AZ-900) Brochure

Download Microsoft Certified Azure Network Engineer Associate (AZ-700) Brochure

Download Cyber Threat Intelligence Analyst (SF) Brochure

Download Cyber Forensics Investigator (SF) [OLL] Brochure

Download Cyber Security Incident Handling and Response (SF) Brochure

Download Certified Ethical Hacker (CEH) (SF) [OLL] Brochure

Download Certified Ethical Hacker (CEH) (SF) Brochure

Download (SCTP) Advanced Certificate in Cyber Security Brochure

Download (SCTP) Higher Certificate in Network Administration Brochure

Download Strategic Cyber Security Leadership (SF) Brochure

Download Cisco Certified Network Associate (CCNA) (SF) Brochure

Course Listing Download Brochure

Cisco Certified Network Associate Download Course Brochure