CREST Practitioner Security Analyst, CPSA
The CREST Practitioner Security Analyst (CPSA) course is an entry-level training that gives attendees the knowledge required to assess the security of operating systems and common network services at a basic level.
Attendees will obtain the knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools, and to interpret the results to locate security vulnerabilities.
The CREST Registered Penetration Tester qualification is recognised by the National Cyber Security Centre (NCSC) as providing the minimum standard for CHECK Team Member status.
Course Style
Live Instructor Led. Face-to-Face or Attend-From-Any-Where
What is included?
- 5 days of training
- Course material/Slides
- 97.7% Certification Success in First Attempt
- Live Classroom training Or Attend-From-Any-Where
- Training delivered by Professionals with enormous industry experience
- Total comprehensive exam preparation
- 35 Hours e-learning recording of a past CPSA event
- 1 x CPSA exam Voucher
What you will Learn?
- Core Technical Skills – OS fingerprinting, cryptography and network mapping
- Information Gathering & Open Source – Google Hacking and DNS checks
- Networking Equipment – configuration analysis and networking protocols
- Windows and Unix Security Assessments – common vulnerabilities and patch management
Who should attend?
- Anyone considering a career in Penetration Testing
- Aspiring information security personnel who wish to be part of a Pen Test team
- System administrators who are responding to attacks
- Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
- Government departments who wish to raise and baseline skills across all security teams
- Law enforcement officers or detectives who want to expand their investigative skills
Course Outline
Appendix A: Soft Skills and Assessment Management
A1 | Engagement Lifecycle
A2 | Law & Compliance
A3 | Scoping
A4 | Understanding, Explaining and Managing Risk
A5 | Record Keeping, Interim Reporting & Final Results
Appendix B: Core Technical Skills
B1 | IP Protocols
B2 | Network Architectures
B4 | Network Mapping & Target Identification
B5 | Interpreting Tool Output
B6 | Filtering Avoidance Techniques
B8 | OS Fingerprinting
B9 | Application Fingerprinting and Evaluating Unknown Services
B10 | Network Access Control Analysis
B11 | Cryptography
B12 | Applications of Cryptography
B13 | File System Permissions
B14 | Audit Techniques
Appendix C: Background Information Gathering & Open Source
C1 | Registration Records
C2 | Domain Name Server (DNS)
C3 | Customer Web Site Analysis
C4 | Google Hacking and Web Enumeration
C5 | NNTP Newsgroups and Mailing Lists
C6 | Information Leakage from Mail & News Headers
Appendix D: Networking Equipment
D1 | Management Protocols
D2 | Network Traffic Analysis
D3 | Networking Protocols
D4 | IPSec
D5 | VoIP
D6 | Wireless
D7 | Configuration Analysis
Appendix E: Microsoft Windows Security Assessment
E1 | Domain Reconnaissance
E2 | User Enumeration
E3 | Active Directory
E4 | Windows Passwords
E5 | Windows Vulnerabilities
E6 | Windows Patch Management Strategies
E7 | Desktop Lockdown
E8 | Exchange
E9 | Common Windows Applications
Appendix F: Unix Security Assessment
F1 | User enumeration
F2 | Unix vulnerabilities
F3 | FTP
F4 | Sendmail / SMTP
F5 | Network File System (NFS)
F6 | R* services
F7 | X11
F8 | RPC services
F9 | SSH
G1 | Web Server Operation
G2 | Web Servers & their Flaws
G3 | Web Enterprise Architectures
G4 | Web Protocols
G5 | Web Mark-up Languages
G6 | Web Programming Languages
G7 | Web Application Servers
G8 | Web APIs
G9 | Web Sub-Components
Appendix H: Web Testing Methodologies
H1 | Web Application Reconnaissance
H2 | Threat Modelling and Attack Vectors
H3 | Information Gathering from Web Mark-up
H4 | Authentication Mechanisms
H5 | Authorisation Mechanisms
H6 | Input Validation
H8 | Information Disclosure in Error Messages
H9 | Use of Cross Site Scripting Attacks
H10 | Use of Injection Attacks
H11 | Session Handling
H12 | Encryption
H13 | Source Code Review
Appendix I: Web Testing Techniques
I1 | Web Site Structure Discovery
I2 | Cross Site Scripting Attacks
I3 | SQL Injection
I6 | Parameter Manipulation
J1 | Microsoft SQL Server
J2 | Oracle RDBMS
J3 | Web / App / Database Connectivity
Prerequisites
- Basic understanding of VMware, operating systems, network security, operational security, access control, threats and vulnerabilities.
- A level of knowledge equivalent to Security+ is recommended.
Career, certification and Salary
CREST Certification Training course – CPSA
The security analyst plays a vital role in keeping an organization’s proprietary and digital information protected. He/she works inter-departmentally to identify and correct flaws in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security system.
What is CREST?
CREST represents the information security industry's standard of practice, service, and customer satisfaction. CREST stands for ‘Council of Registered Ethical Security Testers’. The organization was initially established as a response to unethical penetration and vulnerability testing, where a lack of regulation led to a lack of uniform methodology and varying outcomes for testing subjects. It is a non-profit accreditation body that seeks to establish professional standards for penetration testers. CREST accreditation represents companies that are recognised as offering the highest-quality and most professional network or website penetration testing.
What Does It Mean to Have a CREST Practitioner Certificate?
There are three levels of CREST accreditation, all requiring different levels of experience and expertise. To be recognised as a CREST practitioner professional, you must take certification exams. Different levels require specific qualifications.
The most prestigious acknowledgement for testers is to be designated a ‘CREST certified professional’. This certification recognizes that these testers are capable of running full testing projects independently, as well as managing and coordinating teams.
How To Become a CREST Practitioner Security Analyst
Security analysts monitor, prevent, and stop attacks on companies’ private information. These CREST professionals create and implement firewalls and software systems to protect data and network infrastructures. In this digital era, as the world increasingly relies on technology and digital interfaces to store and share information, security analysts enjoy higher demand.
Responsibilities Of a CREST Practitioner Security Analyst
Security analysts are ultimately responsible for ensuring that the company’s digital data is protected from unauthorized access. This covers both online and intranet infrastructure, and includes filtering out suspicious activity and finding and mitigating risks before a security breach occurs. If a security breach does occur, security analysts are often on the front line, countering the attack.
Security analysts are also responsible for generating reports that let IT administrators and business managers evaluate the efficiency of the security policies, and for implementing those policies strictly. They help make the changes required for a more secure network and may create training programs and modules to educate employees.
Security analysts are also responsible for keeping the company’s security systems updated and for creating documentation and plans for responding to sudden incidents and for disaster recovery.
Other specific responsibilities include:
- Monitoring security access
- Conducting security assessments through vulnerability testing and risk analysis
- Performing both internal and external security audits
- Analyzing security breaches to identify the root cause
- Continuously updating the company’s incident response and disaster recovery plans
- Verifying the security of third-party vendors and collaborating with them to meet security requirements
How To Get Security Analyst Certifications
You will find a lot of information on Google, which can be confusing. We list expert-recommended programs for passing a security analyst certification.
Final Thoughts
When you become a CREST Practitioner Security Analyst, you have a bright future ahead. Penetration testing and cybersecurity skills will be in huge demand, with a handsome salary package.