EC-Council Certified Security Analyst


EC-Council’s Penetration Testing Certification Training Course – ECSA version 9 takes the skills taught in our Certified Ethical Hacker course to the next level by offering cybersecurity professionals a pen test methodology deployed through its hand-on component; EC-Council’s online cyber range.

Since CEH came on the market like a whirl wind, over 100,000 IT Security professionals have become Certified Ethical Hackers. Today the term “ethical hacker” has become a baseline, description for an IT Security professional. EC-Council brought you that term.

EC-Council, Certification, CEH, ECSA, IT Security Track, Security Assessment, Expoiting Vulnerabilities.

The ECSA penetration tester course was designed by professionals to teach ethical hackers how to apply their hacking skills (Not limited to but including The Five Phases of Ethical Hacking) in a pen test scenario. The scenarios cover the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report.

Each candidate will be required to write and submit a penetration test report which they will develop throughout the course and which will be based on the labs in the course delivered via EC-Council’s iLabs cyber range platform. Only candidates who can successfully complete the challenges and pass the report writing portion of the course will be allowed to take the EC-Council Certified Security Analyst (ECSA) certification exam.

Course Overview

ECSA Course Demo:

Meet your Instructor:

iLabs Demo:

Course Outline

  • Security Analysis and Penetration Testing Methodologies
  • TCP IP Packet Analysis
  • Pre-penetration Testing Steps
  • Information Gathering Methodology
  • Vulnerability Analysis
  • External Network Penetration Testing Methodology
  • Internal Network Penetration Testing Methodology
  • Firewall Penetration Testing Methodology
  • IDS Penetration Testing Methodology
  • Web Application Penetration Testing Methodology
  • SQL Penetration Testing Methodology
  • Database Penetration Testing Methodology
  • Wireless Network Penetration Testing Methodology
  • Mobile Devices Penetration Testing Methodology
  • Cloud Penetration Testing Methodology
  • Report Writing and Post Test Actions

Licensed Penetration Tester (LPT) Master

To earn the prestigious EC-Council LPT (Master) Credential, you must successfully pass our most challenging practical exam available. The LPT (Master) practical exam is the capstone to EC-Council’s entire information security track; from the Certified Ethical Hacker Program (CEH) to theEC-Council Certified Security Analyst (ECSA) Program. It all culminates with the ultimate test of your career as a penetration tester – the Licensed Penetration Tester practical exam.

You will need to demonstrate a mastery of the skills required to conduct a full black box penetration test of a network provided to you by EC-Council on our cyber range, iLabs. You will follow the entire process taught to you through Ethical Hacking and Security Assessment, taking you from reconnaissance, scanning, enumeration, gaining access, maintaining access, then exploiting vulnerabilities that you will have to seek out in a network that only a true professional will be able to break. EC-Council will provide the entire cyber-range through its cloud based cyber range, iLabs. All tool-sets are provided to you – you bring the skill.

EC-Council, Certification, CEH, ECSA, IT Security Track, Security Assessment, Exploiting Vulnerabilities “Many have described report writing as one of least preferred, yet arguably one of the most critical parts of any penetration testing engagement.” To successfully pass the LPT (Master) practical, you must fully document your penetration test in a complete, professional penetration test report. This report will follow formats learned in the ECSA program, following industry acceptable, penetration testing and reporting procedures used by only the top professionals in the industry.

This report will be reviewed and scored based on a complex rubric by other penetration testing professionals dedicating to upholding the value of EC-Council’s LPT (Master) Credential, and enhancing the professionalization of cybersecurity as a field penetration tester.

LPT Master Requirements

A. Eligibility Criteria

  • To be eligible to apply to sit for the LPT (Master) Exam, candidate must either.
    • Be an ECSA member in good standing (Your USD$100 application fee will be waived); or
    • Have a minimum of 2 years working experience in pentesting (You will need to pay USD$100 as a non-refundable application fee); or
    • Have any other approved industry certifications such as OSCP or GPEN cert (You will need to pay USD$100 as a non-refundable application fee).

B. Application Process

  • Applicants must apply directly to EC-Council via the online web form here: and provide the following:
    • A copy of police verification from applicant’s local law enforcement agency or EC-Council Declaration of No Criminal Conviction Form ;
    • EC-Council Code of Conduct (COC) Form ;
    • Updated Resume documenting penetration testing experience or skill;
  • Approved applicants must purchase the Licensed Penetration Tester (Master) Exam Kit via EC-Council online store within 3 months of receiving the approval email (the approval will expire post the 3 months and applicants will have to reapply and remit the $USD100 non-refundable application fee again).
  • Upon confirmation of the payment of USD$899, the LPT (Master) Exam Kit will be released to the applicant, which consists of:
    • iLabs Cyber Range Access Code (applicants are given a 5 day block access from activation date / code is valid for 3 months from the date of release)
    • Aspen LPT (Master) Dashboard Access Code (applicants have a 30 day window to submit their reports from activation date/code is valid for 3 months from the date)
    • A 2 year LPT (Master) License is included in the LPT (Master) Exam Kit valid for 2 year license / subject to ECE and renewal requirements)

C. How Is The Exam Conducted?

  • Candidates will receive instructions on how to activate their exams via EC-Council’s ASPEN portal via their registered email.
  • Candidates will activate their exam through ASPEN, using their unique Aspen LPT (Master) Dashboard Access Code will be provided.
  • Candidates are given 5 days (calculated from the activation of their Aspen LPT (Master) Dashboard) to complete the required blackbox penetration test of EC-Council’s cyber range.
  • Candidates are given 30 days (calculated from the activation of their Aspen LPT (Master) Dashboard) to submit their completed penetration test report through their ASPEN account.
  • Candidates will receive their exam results through official email notifications from EC-Council ([email protected]) within 14 days from the submission of the penetration testing report.
  • If a candidate requires extension to the iLabs Cyber Range access, a further 5-day block can be purchased at USD$200 per block (through EC-Council online store).
  • If a candidate submits a wrong or incomplete report, they will have to purchase a new Aspen LPT (Master) Dashboard Access Code at US$100 (through EC-Council online store). This option is only available before the expiry of the 30 days requirement (calculated from the activation of their Aspen LPT (Master) Dashboard).
  • If a candidate fails to complete the exam in the 30 days’ time period allotted for the exam, they will have to purchase a new exam.

D. LPT (Master) Credential

  • Successful candidates will receive the LPT (Master) Welcome Kit consisting of:
    • Membership card
    • Printed Certificate
    • LPT (Master) Plaque
    • Welcome Letter
    • Lapel Pin
    • EC-Council LPT (Master) T-shirt
  • The LPT(Master) license is valid for 2 years. After the initial 2 years, members will have to renew their LPT (Master) license by remitting the annual USD250 renewal fee.
  • Members are required to fulfil their ECE requirements to remain in good standing.

About the Exam

  • Credit Towards Certification: ECSA v9
  • Number of Questions: 150
  • Passing Score: 70%
  • Test Duration 4 Hours
  • Test Format: Multiple Choice
  • Test Delivery: ECC Exam Portal

Training Methods

iLearn Self-Placed Online Security Training

iLearn is EC Council’s online, self-paced option which means that all of the same modules taught in the live course are recorded and presented in a streaming video format. A certification candidate can set their own learning pace by pausing the lectures and returning to their studies as their schedule permits!

This all-inclusive training program provides the benefits of classroom training at your own pace.

Base package includes:

  • Instructor-led, streaming video training modules – 1 year access
  • Official EC-Council e-courseware – 1 year access
  • iLabs, virtual lab platform – 1 year access
  • Certification Exam Voucher
  • Certificate of Attendance

Select Options

Live, Online, Instructor-led

Live,Online courses delivered Live, Online by a Certified EC-Council Instructor! Courses run 8 am to 4 pm Mountain time, Monday thru Friday.

Training Includes:

  • Official Courseware
  • iLabs, Online Labs (6 Months Access)
  • Certification Exam Voucher

Request Information


EC-Council can bring a turn-key training solution to your location. Call for a quote. Training Includes:

Training Includes:

  • Official Courseware
  • iLabs, Online Labs (6 Months Access)
  • Certification Exam Voucher

Request Information

Courseware Only

We recognize that some folks have the background and experience to forgo training, so official courseware is available for self-study. Click HERE to request the self-study exam application form

*Cost includes shipping

Note: The exam runs $650 with $100 application fee.

Request Information


Introducing the STORM!

Mobile Security Tool Kit

For the past several years we have offered our training on a mobile device so that you can take your training with you and eliminate the need to stream the videos. This device is the next generation mobile device. This is a fully loaded pen test tool kit comes equipped with a custom Linux Hacking OS and, wait for it… we can load your course (or 2) onto the device. In the sage words of Ray Bradbury, “Something Wicked This Way Comes.”

Getting Started

Terms of Use

Note: The STORM mobile security tool kit contains a full Kali Linux load including all of the associated security tools. These tools are very powerful and all proper precautions should be adhered to at all times.

Always remember that the difference between illegal and ethical hacking comes down to one word; permission. It is illegal to utilize these or any other pen testing tools on a network or website without permission.

As stated in the terms and conditions, EC-Council is not responsible for illegal use of these tools and you accept the full liability for its usage. The entire code of ethics can be found here.


  • 64 Bit – Quad Core Mobile System with Case
  • 1 GB RAM
  • 7 inch touch screen display
  • 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
  • 100Mb Ethernet port
  • 4 USB ports
  • 802.11n wireless
  • Bluetooth 4.1
  • Combined 3.5mm audio jack and composite video
  • Camera interface (CSI)
  • Display interface (DSI)
  • VideoCore IV 3D graphics core
  • Full HDMI
  • USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
  • Rollup water resistant keyboard
  • Field Case Organizer for all your gear