NICF – Security Analysis and Penetration Testing (SF)

This 5-day interactive and hands-on course takes the tools and techniques covered in Certified Ethical Hacker (CEH) to the next level by utilizing EC-Council’s published penetration testing methodology.

Overview

Course reference number: TGS-2018500733

Also known as EC-Council Certified Security Analyst (ECSA), NICF – Security Analysis and Penetration Testing (SF) is a globally accepted hacking and penetration testing program that covers the testing of modern infrastructures, operating systems, and application environments while teaching the participants how to document and write a penetration testing report.

Prerequisites

Participants are recommended to attend the CEH course before enrolling in this course.

Who Should Attend?

This course is highly recommended for ethical hackers, penetration testers, network server administrators, firewall administrators, security testers, system administrators, and risk assessment professionals.

Course Outline

  • Computer Network Fundamentals
  • TCP/IP Protocol Suite
  • IP Addressing and Port Numbers
  • Network Terminology
  • Network Security Controls
  • Network Security Devices
  • Network File System (NFS)
  • Windows Security
  • Unix/Linux Security
  • Virtualization
  • Web Server
  • Web Application
  • Web Markup and Programming Languages
  • Application Development Frameworks and their Vulnerabilities
  • Web APIs
  • Web Sub Components
  • Web Application Security Mechanisms
  • Working of Most Common Information Security Attacks
  • Information Security Standards, Laws and Acts
  • What is Penetration Testing?
  • Benefits of Conducting a Penetration Test
  • ROI for Penetration Testing
  • How Penetration Testing Differs from Ethical Hacking?
  • Comparing Security Audit, Vulnerability Assessment and Penetration Testing
  • Types of Penetration Testing
  • Penetration Testing: Cost and Comprehensiveness
  • Selecting an Appropriate Testing Type
  • Different Ways of Penetration Testing
  • Selecting the Appropriate Way of Penetration Testing
  • Common Areas of Penetration Testing
  • Penetration Testing Phases
  • Penetration Testing Methodologies
  • Need for a Methodology
  • LPT Penetration Testing Methodology
  • Penetration Testing Essentials
  • Penetration Testing: Pre-engagement Activities
  • Pre-engagement Activities
  • Request for Proposal (RFP)
  • Preparing Response Requirements for Proposal Submission
  • Setting the Rules of Engagement (ROE)
  • Establishing communication lines: Identify the Details of the Key Contact
  • Timeline
  • Time/Location
  • Frequency of meetings
  • Time of Day
  • Identify who can help you?
  • ROE Document
  • Handling Legal Issues in Penetration Testing Engagement
  • Penetration Testing Contract
  • Preparing for Test
  • Handling Scope Creep During Pen Test
  • OSINT Gathering Steps
  • OSINT Through World Wide Web (WWW)
  • OSINT through Website Analysis
  • OSINT Through DNS Interrogation
  • Automating your OSINT Effort Using Tools/Frameworks/Scripts
  • Social Engineering Penetration Testing
  • Skills Required to Perform Social Engineering Pen Test
  • Common Targets of Social Engineering Pen Test
  • Do Remember: Before Social Engineering Pen Test
  • Black Box or White Box?
  • Social Engineering Penetration Testing Steps
  • Social Engineering Penetration Testing using Email Attack Vector
  • Social Engineering Penetration testing using Telephone Attack Vector
  • Social Engineering Penetration testing using Physical Attack Vector
  • Network Penetration Testing
  • External vs. Internal Penetration Testing
  • External Network Penetration Testing
  • Internal Network Penetration Testing
  • Network Penetration Testing Process
  • White, Black or Grey-box Network Penetration Testing?
  • External Network Penetration Testing Steps
  • Port Scanning
  • OS and Service Fingerprinting
  • Vulnerability Research
  • Exploit Verification
  • Internal Network Penetration Testing
  • Why Internal Network Penetration Testing?
  • Internal Network Penetration Testing Steps
  • Footprinting
  • Network Scanning
  • OS and Service Fingerprinting
  • Enumeration
  • Vulnerability Assessment
  • Windows Exploitation
  • Unix/Linux Exploitation
  • Other Internal Network Exploitation Techniques
  • Automating Internal Network Penetration Test Effort
  • Post Exploitation
  • Steps for Firewall Penetration Testing
  • Steps for IDS Penetration Testing
  • Steps for Router Penetration Testing
  • Steps for Switch Penetration Testing
  • Assessing Firewall Security Implementation
  • Assessing IDS Security Implementation
  • Assessing Security of Routers
  • Assessing Security of Switches
  • White Box or Black Box?
  • Web Application Penetration Testing
  • Web Application Security Frame
  • Security Frame vs. Vulnerabilities vs. Attacks
  • Web Application Penetration Testing Steps
  • Discover Web Application Default Content
  • Discover Web Application Hidden Content
  • Conduct Web Vulnerability Scanning
  • Identify the Attack Surface Area
  • Tests for SQL Injection Vulnerabilities
  • Tests for XSS Vulnerabilities
  • Tests for Parameter Tampering
  • Tests for Weak Cryptography Vulnerabilities
  • Tests for Security Misconfiguration Vulnerabilities
  • Test for Client-Side Scripting Attack
  • Tests for Broken Authentication and Authorization Mechanism
  • Tests for Broken Session Management Vulnerabilities
  • Test for Web Services Security
  • Tests for Business Logic Flaws
  • Tests for Web Server Vulnerabilities
  • Tests for Thick Clients Vulnerabilities
  • Database Penetration Testing Steps
  • Information Reconnaissance
  • Database Enumeration: Oracle
  • Database Enumeration: MS SQL Server
  • Database Enumeration: MySQL
  • Vulnerability and Exploit Research
  • Database Exploitation: Oracle
  • Database Exploitation: MS SQL Server
  • Database Exploitation: MySQL
  • Wireless Penetration Testing
  • WLAN Penetration Testing Steps
  • RFID Penetration Testing Steps
  • NFC Penetration Testing Steps
  • Mobile Device Penetration Testing Steps
  • IoT Penetration Testing Steps
  • Wireless Local Area Network (WLAN) Penetration Testing
  • RFID Penetration Testing
  • NFC Penetration Testing
  • Mobile Device Penetration Testing
  • IoT Penetration Testing
  • Distribution of Public Cloud Services: AWS, Azure, Google Cloud Are on Top Among Others
  • Cloud Computing Security and Concerns
  • Security Risks Involved in Cloud Computing
  • Role of Penetration Testing in Cloud Computing
  • Do Remember: Cloud Penetration Testing
  • Scope of Cloud Pen Testing
  • Cloud Penetration Limitations
  • Cloud Specific Penetration Testing
  • Cloud Reconnaissance
  • Identify the Type of Cloud to be tested
  • Identify What Is to Be Tested in Cloud Environment
  • Identify the Tools for Penetration Test
  • Identify What Is Allowed to Be Tested in Cloud Environment
  • Identify Which Tests are Prohibited
  • AWS’s Provision for Penetration Testing
  • Azure’s Provision for Penetration Testing
  • Google Cloud’s Provision for Penetration Testing
  • Identify Date and Time for Penetration Test
  • Cloud Specific Penetration Testing
  • Recommendations for Cloud Testing
  • Penetration Testing Deliverables
  • Goal of the Penetration Testing Report
  • Types of Pen Test Reports
  • Characteristics of a Good Pen Testing Report
  • Writing the Final Report
  • Document Properties/Version History
  • Table of Contents/Final Report
  • Summary of Execution
  • Scope of the Project
  • Evaluation Purpose/System Description
  • Assumptions/Timeline
  • Summary of Evaluation, Findings and Recommendations
  • Methodologies
  • Planning
  • Exploitation
  • Reporting
  • Comprehensive Technical Report
  • Result Analysis
  • Recommendations
  • Appendices
  • Sample Appendix
  • Penetration Testing Report Analysis
  • Report on Penetration Testing
  • Pen Test Team Meeting
  • Research Analysis
  • Pen Test Findings
  • Rating Findings
  • Analyze
  • Prioritize Recommendations
  • Delivery Penetration Testing Report
  • Cleanup and Restoration
  • Report Retention
  • Sign-off Document Template
  • Post-Testing Actions for Organizations

Course fee:

Usual Price: S$3050
Promo Price: S$2750 (excluding GST)

Fees (w/GST)
Full Course Fees: $3,263.50
Promo Fees: $2,942.50
SG Citizen/PR aged ≥ 21 years: $1,807.50
SG Citizen aged ≥ 40 years: $942.50

Fees (w/GST)
Full Course Fees: $3,263.50
Promo Fees: $2,942.50
SG Citizen/PR aged ≥ 21 years: $407.50
SG Citizen aged ≥ 40 years: $942.50
