CREST Practitioner Security Analyst, CPSA

The CREST Practitioner Security Analyst (CPSA) course is an entry-level training that gives attendees the knowledge required to assess the security of operating systems and common network services at a basic level.

Attendees will obtain the knowledge to perform basic infrastructure and web application vulnerability scans, using commonly available tools, and interpret the results to locate security vulnerabilities. 

The CREST Registered Penetration Tester qualification is recognised by the National Cyber Security Centre (NCSC) as providing the minimum standard for CHECK Team Member status.


Course Style

Live Instructor Led. Face-to-Face or Attend-From-Any-Where

Skill up and get certified, guaranteed

What is included?

  • 5 days of training
  • Course material/Slides
  • Examination Fees
  • 97.7% Certification Success in First Attempt
  • Classroom training Or Attend-From-Any-Where
  • Training delivered by Professionals with enormous industry experience 
  • Total comprehensive exam preparation

What will you learn?

  • Core Technical Skills – OS fingerprinting, cryptography and network mapping
  • Information Gathering & Open Source – Google Hacking and DNS checks
  • Networking Equipment – configuration analysis and networking protocols
  • Windows and Unix Security Assessments – common vulnerabilities and patch management

Who should attend?

  • Anyone considering a career in Penetration Testing
  • Aspiring information security personnel who wish to be part of a Pen Test team
  • System administrators who are responding to attacks
  • Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
  • Government departments who wish to raise and baseline skills across all security teams
  • Law enforcement officers or detectives who want to expand their investigative skills

Course Dates

25 – 29 Mar, 2024
15 – 19 April, 2024
17 – 21 Jun, 2024
16 – 20 Sep, 2024
11 – 15 Nov, 2024

Course Outline

Appendix A: Soft Skills and Assessment Management

  • A1: Engagement Lifecycle
  • A2: Law & Compliance
  • A3: Scoping
  • A4: Understanding, Explaining and Managing Risk
  • A5: Record Keeping, Interim Reporting & Final Results

Appendix B: Core Technical Skills

  • B1: IP Protocols
  • B2: Network Architectures
  • B4: Network Mapping & Target Identification
  • B5: Interpreting Tool Output
  • B6: Filtering Avoidance Techniques
  • B8: OS Fingerprinting
  • B9: Application Fingerprinting and Evaluating Unknown Services
  • B10: Network Access Control Analysis
  • B11: Cryptography
  • B12: Applications of Cryptography
  • B13: File System Permissions
  • B14: Audit Techniques

Appendix C: Background Information Gathering & Open Source

  • C1: Registration Records
  • C2: Domain Name Server (DNS)
  • C3: Customer Web Site Analysis
  • C4: Google Hacking and Web Enumeration
  • C5: NNTP Newsgroups and Mailing Lists
  • C6: Information Leakage from Mail & News Headers

Appendix D: Networking Equipment

  • D1: Management Protocols
  • D2: Network Traffic Analysis
  • D3: Networking Protocols
  • D4: IPSec
  • D5: VoIP
  • D6: Wireless
  • D7: Configuration Analysis

Appendix E: Microsoft Windows Security Assessment

  • E1: Domain Reconnaissance
  • E2: User Enumeration
  • E3: Active Directory
  • E4: Windows Passwords
  • E5: Windows Vulnerabilities
  • E6: Windows Patch Management Strategies
  • E7: Desktop Lockdown
  • E8: Exchange
  • E9: Common Windows Applications

Appendix F: Unix Security Assessment

  • F1: User enumeration
  • F2: Unix vulnerabilities
  • F3: FTP
  • F4: Sendmail / SMTP
  • F5: Network File System (NFS)
  • F6: R* services
  • F7: X11
  • F8: RPC services
  • F9: SSH

Appendix G: Web Technologies

  • G1: Web Server Operation
  • G2: Web Servers & their Flaws
  • G3: Web Enterprise Architectures
  • G4: Web Protocols
  • G5: Web Mark-up Languages
  • G6: Web Programming Languages
  • G7: Web Application Servers
  • G8: Web APIs
  • G9: Web Sub-Components

Appendix H: Web Testing Methodologies

  • H1: Web Application Reconnaissance
  • H2: Threat Modelling and Attack Vectors
  • H3: Information Gathering from Web Mark-up
  • H4: Authentication Mechanisms
  • H5: Authorisation Mechanisms
  • H6: Input Validation
  • H8: Information Disclosure in Error Messages
  • H9: Use of Cross Site Scripting Attacks
  • H10: Use of Injection Attacks
  • H11: Session Handling
  • H12: Encryption
  • H13: Source Code Review

Appendix I: Web Testing Techniques

  • I1: Web Site Structure Discovery
  • I2: Cross Site Scripting Attacks
  • I3: SQL Injection
  • I6: Parameter Manipulation

Appendix J: Databases

  • J1: Microsoft SQL Server
  • J2: Oracle RDBMS
  • J3: Web / App / Database Connectivity

Prerequisites

  • Basic understanding of VMware, Operating System, Network Security, Operational Security, Access Control, Threats and Vulnerabilities.
  • A level of knowledge that is equivalent to the Security+ is recommended.

Career, certification and Salary

CREST Certification Training course – CPSA

The security analyst plays a vital role in keeping an organization’s proprietary and digital information protected. He/she works inter-departmentally to identify and correct flaws in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security system.

What is CREST?

CREST represents the information security industry standard of practice, service, and customer satisfaction. CREST stands for ‘Council of Registered Ethical Security Testers’. The organization was initially established as a response to unethical penetration and vulnerability testing, where a lack of regulation had led to a lack of uniform methodology and varying outcomes for testing subjects. It is a non-profit accreditation body that seeks to establish professional standards for penetration testers. CREST accreditation represents companies that are recognised as offering the highest-quality and most professional network or website penetration testing.

What Does It Mean to Have a CREST Practitioner Certificate?

There are three levels of CREST accreditation, all requiring different levels of experience and expertise. To be recognised as a CREST practitioner professional, you must take certification exams. Different levels require specific qualifications.

The most prestigious acknowledgement for testers is to be designated a ‘CREST certified professional’. This certification recognizes that these testers are capable of running full testing projects independently, as well as managing and coordinating teams.

How To Become a CREST Practitioner Security Analyst

Security analysts monitor, prevent, and stop attacks on companies’ private information. These CREST professionals create and implement firewalls and software systems to protect data and network infrastructures. As the world increasingly relies on technology and digital interfaces to store and share information, security analysts are in higher demand.

Responsibilities Of a CREST Practitioner Security Analyst

Security analysts are ultimately responsible for ensuring that the company’s digital data are protected from unauthorized access. This covers both online and intranet infrastructure, and includes filtering out suspicious activity and finding and mitigating risks before a security breach occurs. If a security breach does occur, security analysts are often on the front line, encountering the attack.

Security analysts are also responsible for generating reports that allow IT administrators and business managers to evaluate the efficiency of the security policies, and for implementing those policies strictly. They help to make the changes required for a more secure network and may create training programs and modules to educate employees.

Security analysts are also responsible for keeping the company’s security systems updated and for creating documentation and plans for incident response and disaster recovery.

Other specific responsibilities include:

  • Monitoring security access
  • Conducting security assessments through vulnerability testing and risk analysis
  • Performing both internal and external security audits
  • Analyzing security breaches to identify the root cause
  • Continuously updating the company’s incident response and disaster recovery plans
  • Verifying the security of third-party vendors and collaborating with them to meet security requirements

 

How To Get Security Analyst Certifications

You will find a lot of information on Google, which can be confusing. We list expert-recommended programs to help you pass a security analyst certification.

Final Thoughts

When you become a CREST Practitioner Security Analyst, you will have a bright future ahead. Penetration testing and cybersecurity skills will be in huge demand and come with a handsome salary package.

Are you ready to get started?