Training is not a commodity – all training centres are not the same. Iverson Associates Sdn Bhd is the most established, the most reputable, and the top professional IT training provider in Malaysia. With a large pool of experienced and certified trainers, state-of-the-art facilities, and well-designed courseware, Iverson offers superior training, a more impactful learning experience and highly effective results.
At Iverson, our focus is on providing high-quality IT training to corporate customers, meeting their learning needs and helping them to achieve their training objectives. Iverson has the flexibility to provide training solutions whether for a single individual or the largest corporation in a well-paced or accelerated training programme.
Our courses continue to evolve along with the fast-changing technological advances. Our instructor-led training services are available on a public and a private (in-company) basis. Some of our courses are also available as online, on demand, and hybrid training.
EC-Council Certified DevSecOps Engineer (E|CDE) is a hands-on, instructor-led comprehensive DevSecOps certification program that helps professionals build the essential skills to design, develop, and maintain secure applications and infrastructure.
• The E|CDE covers both on-premises and cloud-native environments (including AWS Cloud and Microsoft Azure) with 80+ labs from the creators of the world’s number one ethical hacking program, the Certified Ethical Hacker (C|EH).
• Designed and developed by SMEs with contributions by experienced DevSecOps professionals from around the world.
Why E|CDE?
• Adding security to a DevOps skill set enhances career prospects.
• The information provided in the E|CDE course is complemented with labs to help learners hone their practical skills and become industry ready.
• This course teaches students how to use various DevSecOps tools and create secure code throughout the software development life cycle.
• Participants gain familiarity with DevSecOps tools that enable the secure development of software and web applications, both on premises and in the cloud.
• The E|CDE course focuses on application DevSecOps and also provides insights into infrastructure DevSecOps.
• The integration of today’s most popular and important tools is illustrated at each stage of the DevOps life cycle.
• The E|CDE program helps DevSecOps engineers develop and enhance their knowledge and skills in securing applications at all stages of the DevOps pipeline.
1 - 3 Mar 2023
7 - 9 Jun 2023
20 - 22 Sep 2023
6 - 8 Dec 2023
Students should have an understanding of application security concepts.
• Understand DevOps security bottlenecks and discover how the culture, philosophy, practices, and tools of DevSecOps can enhance collaboration and communication across development and operations teams.
• Understand the DevSecOps toolchain and how to include security controls in automated DevOps pipelines.
• Integrate Eclipse and GitHub with Jenkins to build applications.
• Align security practices like security requirement gathering, threat modeling, and secure code reviews with development workflows.
• Integrate threat modeling tools like Threat Dragon, ThreatModeler, and Threatspec; manage security requirements with Jira and Confluence; and use Jenkins to create a secure CI/CD pipeline.
• Understand and implement continuous security testing with static, dynamic, and interactive application security testing and SCA tools (e.g., Snyk, SonarQube, StackHawk, Checkmarx SAST, Debricked, WhiteSource Bolt).
• Integrate runtime application self-protection tools like Hdiv, Sqreen, and Dynatrace that protect applications during runtime with fewer false positives and remediate known vulnerabilities.
• Integrate SonarLint with the Eclipse and Visual Studio Code IDEs.
• Implement tools like the JFrog IDE plugin and the Codacy platform.
• Integrate automated security testing into a CI/CD pipeline using Amazon CloudWatch; Amazon Elastic Container Registry; and AWS CodeCommit, CodeBuild, CodePipeline, Lambda, and Security Hub.
• Implement various automation tools and practices, including Jenkins, Bamboo, TeamCity, and Gradle.
• Perform continuous vulnerability scans on data and product builds using automated tools like Nessus, SonarCloud, Amazon Macie, and Probely.
• Implement penetration testing tools like gitGraber and GitMiner to secure CI/CD pipelines.
• Use AWS and Azure tools to secure applications.
• Integrate automated tools to identify security misconfigurations that could expose sensitive information and result in attacks.
• Understand the concept of infrastructure as code and provision and configure infrastructure using tools like Ansible, Puppet, and Chef.
• Audit code pushes, pipelines, and compliance using logging and monitoring tools like Sumo Logic, Datadog, Splunk, the ELK stack, and Nagios.
• Use automated monitoring and alerting tools (e.g., Splunk, Azure Monitor, Nagios) and create a real-time alert and control system.
• Integrate compliance-as-code tools like Cloud Custodian and the DevSec framework to ensure that organizational regulatory or compliance requirements are met without hindering production.
• Scan and secure infrastructure using container and image scanners (Trivy and Qualys) and infrastructure security scanners (Bridgecrew and Checkov).
• Integrate tools and practices to build continuous feedback into the DevSecOps pipeline using Jenkins and Microsoft Teams email notifications.
• Integrate alerting tools like Opsgenie with log management and monitoring tools to enhance operations performance and security.
A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A C|EH® understands attack strategies, the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.
The Certified Ethical Hacker has been battle-hardened over the last 20 years, creating hundreds of thousands of Certified Ethical Hackers employed by top companies, militaries, and governments worldwide.
In its 12th version, the Certified Ethical Hacker combines comprehensive training, hands-on learning labs, practice cyber ranges for engagement, certification assessments, cyber competitions, and opportunities for continuous learning into one comprehensive program curated through our new learning framework: 1. Learn 2. Certify 3. Engage 4. Compete.
The C|EH v12 also equips aspiring cybersecurity professionals with the tactics, techniques, and procedures (TTPs) to build ethical hackers who can uncover weaknesses in nearly any type of target system before cybercriminals do.
The C|EH® v12 is a specialized and one-of-a-kind training program to teach you everything you need to know about ethical hacking with hands-on training, labs, assessment, a mock engagement (practice), and global hacking competition. Stay on top of the game with the most in-demand skills required to succeed in the field of cybersecurity.
C|EH® ANSI
C|EH® Practical
Content Included
*Exam retakes are included with every courseware package. Candidates may activate this benefit through the EC-Council student portal (ASPEN)
** Proctor administration fees will be applicable for each attempt of the retake examination
There are no specific prerequisites for the C|EH program; however, we strongly recommend that candidates possess a minimum of 2 years’ experience in IT security before joining a C|EH training program. C|EH training is about testing systems and using them for purposes not originally intended, so candidates should understand the basic functions of those IT systems before attempting to hack them. (Example: C|EH will teach the process of host evaluation leading to enumeration. In this process, trainees will scan downrange targets using common scanning techniques such as Nmap, which will respond with a list of ports; enumerating those ports and the services running on them can be used to expose common vulnerabilities and weaknesses in systems. The C|EH program will not teach you what a port is; that is essential knowledge you must have to be successful in the class.) If you do not possess the foundational skills in IT and networking, we recommend starting with our free cybersecurity Essentials Series found here: https://www.eccouncil.org/academia/essentials
C|EH is divided into 20 modules and delivered through a carefully curated training plan that typically spans across 5 days. As you progress through your training, each module offers extensive hands-on lab components that allow you to practice the techniques and procedures taught in the program in real-time on live machines.
Ethical Hacking Labs
With over 220 hands-on labs, conducted in our cyber range environment, you will have the opportunity to practice every learning objective in the course on live machines and vulnerable targets. Pre-loaded with over 3,500 hacking tools and a variety of operating systems, you will gain unprecedented exposure to and hands-on experience with the most common security tools, latest vulnerabilities, and widely used operating systems on the market. Our range is web accessible, allowing you to study and practice from anywhere with a connection.
The Certified Ethical Hacker is the most trusted ethical hacking certification that employers worldwide value, and for good reasons. The comprehensive curriculum covers the fundamentals of ethical hacking, footprinting and reconnaissance, scanning, enumeration, vulnerability threats, social engineering, SQL injection, and much more.
When you successfully achieve the C|EH certification, you will be equipped with every skill you need to uncover vulnerabilities and secure the systems, networks, applications, databases, and critical data from malicious hackers.
LEARN
6-10 Mar 2023 (Penang)
10-14 Apr 2023
8-12 May 2023
29 May-2 Jun 2023
19-23 Jun 2023 (Penang)
3-7 Jul 2023
31 Jul-4 Aug 2023
21-25 Aug 2023
11-15 Sep 2023
18-22 Sep 2023 (Penang)
2-6 Oct 2023
23-27 Oct 2023
6-10 Nov 2023
4-8 Dec 2023
18-22 Dec 2023 (Penang)
Candidates who do not yet have 5 years of information security experience in at least 3 of the 5 CCISO Domains can still pursue a management certification to help propel their careers and put them on the fast track toward obtaining the CCISO. EISM students must attend training – the same CCISO training that upper-level executives attend – before attempting the EISM exam. There are no experience requirements for this exam. The courseware and training programs are exactly the same as those of the CCISO program. Imagine being able to push your new information security career forward using the same resources as seasoned professionals. That’s what the EISM program does. The EISM exam is a light version of the CCISO exam and tests the fundamentals of information security management.
Available upon request
The EISM program is right for you if you:
All EISM students must take EC-Council official training before sitting for the EISM exam.
Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.
Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.
Domain 3 covers many of the day-to-day aspects of the CISO job including project, technology, and operations management.
Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.
Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.
The C|CISO Exam was developed by practicing CISOs and is based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicants’ knowledge in all five of the C|CISO Domains will be tested on the exam, which focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants must have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the EC-Council Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
EXAM TITLE : EC-Council Certified CISO
EXAM CODE : 712-50
# OF QUESTIONS : 150
DURATION : 2.5 Hours
AVAILABILITY : ECC Exam Portal
TEST FORMAT : Scenario-based multiple choice
PASSING SCORE : 72%
EC-Council has developed the Certified Cybersecurity Technician certification:
13-17 Feb 2023
17-21 Apr 2023
12-16 Jun 2023
4-8 Sep 2023
20-24 Nov 2023
The C|CT course can be taken by students, IT professionals, IT managers, career changers, and any individual seeking a career in cybersecurity, or aspiring to advance their existing role. This course is ideal for those entering the cybersecurity workforce, providing foundational technician level, hands-on skills to solve the most common security issues organizations face today.
There are no specific prerequisites to take the C|CT course and attempt the C|CT certification exam. Although this is an entry-level course, a working knowledge of IT networking and basic cybersecurity concepts will be an advantage to anyone taking this course.
This course is the most comprehensive review of cloud security concepts and industry best practices covering the six domains of the (ISC)2 Common Body of Knowledge (CBK®). You will gain knowledge in identifying the types of controls necessary to administer various levels of confidentiality, integrity, and availability, with regard to securing data in the cloud. You will identify the virtual and physical components of the cloud infrastructure with regard to risk management analysis, including tools and techniques necessary for maintaining a secure cloud infrastructure. You will gain an understanding in cloud software assurance and validation, utilizing secure software, and the controls necessary for developing secure cloud environments. You will identify privacy issues and audit processes utilized within a cloud environment, including auditing controls, assurance issues, and specific reporting attributes.
CCSP Domains
27-30 Mar 2023
17-20 Apr 2023
8-11 May 2023
19-22 Jun 2023
10-13 Jul 2023
14-17 Aug 2023
4-7 Sep 2023
23-26 Oct 2023
20-23 Nov 2023
18-21 Dec 2023
This training is intended for professionals who have at least five years of full-time IT experience, including three years in information security and at least one year in cloud security, and are pursuing CCSP certification to enhance credibility and career mobility. The seminar is ideal for those working in positions such as, but not limited to:
Experienced information security professionals with at least five years of IT experience, including three years of information security and at least one year of cloud security experience.
· CISSP Certification Prep Course
After completing this course, you will be able to:
1. Understand legal frameworks and guidelines that affect cloud services.
2. Recognize the fundamentals of data privacy regulatory/legislative mandates.
3. Assess risks, vulnerability, threats, and attacks in the cloud environment.
4. Evaluate the design and plan for cloud infrastructure security controls.
5. Evaluate what is necessary to manage security operations.
6. Understand what operational controls and standards to implement.
7. Describe the types of cloud deployment models in the types of “as a service” cloud models currently available today.
8. Identify key terminology, and associated definitions related to cloud technology.
9. Establish a common terminology for use within your team or workgroup.
10. Build a business case for cloud adoption and determine business units that benefit from cloud migration strategies.
Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive, specialist-level program that teaches a structured approach for building effective threat intelligence.
In the ever-changing threat landscape, C|TIA is an essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract the intelligence from data by implementing various advanced strategies. Such professional-level programs can only be achieved when the core of the curricula maps with and is compliant to government and industry published threat intelligence frameworks.
C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks. This program addresses all the stages involved in the Threat Intelligence Life Cycle. This attention to a realistic and futuristic approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. This program provides the solid, professional knowledge that is required for a career in threat intelligence, and enhances your skills as a Threat Intelligence Analyst, increasing your employability. It is desired by most cybersecurity engineers, analysts, and professionals from around the world and is respected by hiring authorities.
The Purpose of C|TIA is:
For individuals: To provide an invaluable ability of structured threat intelligence to enhance skills and boost their employability.
Available Upon Request
The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the details of algorithms such as Feistel Networks, DES, and AES. Other topics introduced:
Participants will also be provided a practical application of the following:
5-7 Apr 2023
26-28 Jul 2023
11-13 Oct 2023
Anyone involved in the selection and implementation of VPNs or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.
This course is excellent for ethical hackers and penetration testing professionals, as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals usually don’t attempt to crack cryptography.
A basic knowledge of cryptanalysis is very beneficial to any penetration testing.
EC-Council’s Certified Cloud Security Engineer (C|CSE) course is curated by cloud security professionals in association with renowned subject matter experts to deliver a mix of vendor-neutral and vendor-specific cloud security concepts. The vendor-neutral concepts focus on cloud security practices, technologies, frameworks, and principles. In contrast, the vendor-specific materials deliver the practical skills that are needed to configure specific platforms, such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). This offers candidates a well-balanced mix of theoretical and practical skills. In addition, advanced topics also cover modules on securing the cloud infrastructure by implementing regulations and standards to maintain security. EC-Council’s cloud security course is mapped to the real-time job roles and responsibilities of cloud security professionals and is ideal for beginners as well as experienced cybersecurity professionals.
20-24 Feb 2023
22-26 May 2023
18-22 Sep 2023
Organizations need cloud security engineers to help them build a secure cloud infrastructure, monitor vulnerabilities, and implement incident response plans to mitigate cloud-based threats. C|CSE, with its unique blend of vendor-neutral and vendor-specific concepts, trains candidates in the fundamentals while equipping them with job-ready practical skills. With C|CSE, candidates learn:
In this module, you will be presented with the core concepts of cloud computing, cloud service models, and cloud-based threats and vulnerabilities. The module highlights service provider components, such as evaluation and the shared security responsibility model, that are essential to configuring a secure cloud environment and protecting organizational resources.
This module explores the key components and technologies that form a cloud architecture and how to secure multi-tenant, virtualized, physical, and logical cloud components. This module demonstrates configurations and best practices for securing physical data centers and cloud infrastructures using the tools and techniques provided by Azure, AWS, and GCP.
The focus of this module is securing cloud applications and explaining secure software development lifecycle changes. It explains the multiple services and tools for application security in Azure, AWS, and GCP.
This module covers the basics of cloud data storage, its lifecycle, and various controls for protecting data at rest and data in transit in the cloud. It also addresses data storage features and the multiple services and tools used for securing data stored in Azure, AWS, and GCP.
This module encompasses the security controls essential to building, implementing, operating, managing, and maintaining physical and logical infrastructures for cloud environments and the required services, features, and tools for operational security provided by AWS, Azure, and GCP.
This module demonstrates how to implement comprehensive penetration testing to assess the security of an organization's cloud infrastructure and reviews the required services and tools used to perform penetration testing in AWS, Azure, and GCP.
This module focuses on incident response (IR). It covers the IR lifecycle and the tools and techniques used to identify and respond to incidents; provides training on using SOAR technologies; and explores the IR capabilities provided by AWS, Azure, and GCP.
This module covers the forensic investigation process in cloud computing, including various cloud forensic challenges and data collection methods. It also explains how to investigate security incidents using AWS, Azure, and GCP tools.
This module highlights the importance of business continuity and disaster recovery planning in IR. It covers the backup and recovery tools, services, and features provided by AWS, Azure, and GCP to monitor business continuity issues.
This module focuses on the various governance frameworks, models, and regulations (ISO/IEC 27017, HIPAA, and PCI DSS) and the design and implementation of governance frameworks in the cloud. It also addresses cloud compliance frameworks and elaborates on the AWS, Azure, and GCP governance modules.
This module discusses standards, policies, and legal issues associated with the cloud. It also covers the features, services, and tools needed for compliance and auditing in AWS, Azure, and GCP.
The appendix covers the security of private, hybrid, and multi-tenant cloud models. It lists some of the best practices for securing VMware Cloud, AWS, GCP, Azure hybrid cloud setups, and multi-tenant clouds.
The CND certification aims to equip you with hands-on training to function in real-life situations involving network defense. You will gain the technical skills required to proactively design a secure network with future threats in mind. This program will be akin to learning math instead of just using a calculator.
This program teaches a fundamental understanding of the true construct of data transfer, network technologies, and software technologies so that you understand how networks operate, the processes software is automating, and how to analyze the subject material.
You will learn how to mitigate, harden, and defend against attacks. You will learn network defense fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN, and firewall configuration. You will then learn the intricacies of network traffic signature, analysis, and vulnerability scanning, which will help you when you design greater network security policies and successful incident response plans. These skills will help you foster resiliency and continuity of operations during attacks.
What typical students would benefit most from this class?
27 Feb-3 Mar 2023
3-7 Apr 2023 (Penang)
15-17 May 2023
31 Jul-4 Aug 2023
9-13 Oct 2023 (Penang)
20-24 Nov 2023
This program will take a typical Network/SysAdmin and immerse them in the world of Hackers and Cyber Defense.
Decoding Web Application Hacking and Security
Web Application Hacking and Security has challenges derived from the engaging iLab environments of EC-Council – from Certified Ethical Hacker (CEH) to the Certified Penetration Testing Professional (CPENT); from Certified Application Security Engineer (CASE) .Net to Java. But Web Application Hacking and Security goes beyond this to more difficult scenarios as you advance through each problem.
Web Application Hacking and Security is like a Capture-the-Flag (CTF) competition meant to test your hacking skills. But you can keep on trying until you achieve the goal. Test your skills and work alone to solve complex problems, or follow the instructor as they do walkthroughs to help you learn Web Application Hacking and Security.
Watch your name rise on the leader board, a place where you’ll see who’s cracking the most challenges, who’s making the most progress, who’s cranking out the h@ck$!
What is included
Video tutorials – 1 year access
Break the Code labs (24 challenges) – 3 months access
Exam – Exam Dashboard validity period of 30 days from the day user activates exam dashboard
Exam and Certification
The Web Application Hacking and Security exam assesses candidates’ skills and proficiency on a broad spectrum of OWASP Top-10 web application vulnerabilities and attack vectors. The Web Application Hacking and Security exam is a fully online, remotely proctored practical exam that challenges candidates through a grueling 6-hour, performance-based, hands-on exam.
The exam focuses on candidates’ proficiency in performing a web application security assessment in a stressful, real-life scenario. Candidates who score more than 60% will earn the Certified Web Application Security Associate certification, candidates who score more than 75% will be awarded the Certified Web Application Security Professional certification, and candidates who score more than 90% attain the prestigious Certified Web Application Security Expert certification!
If you are tasked with implementing, managing, or protecting web applications, then this course is for you. If you are a cyber or tech professional who is interested in learning or recommending mitigation methods to a myriad of web security issues and want a pure hands-on program, then this is the course you have been waiting for.
• Penetration Tester
• Ethical Hacker
• Web Application Penetration Tester/Security Engineer
• Auditor
• Red Team Engineer
• Information Security Engineer
• Risk/Vulnerability Analyst
• Vulnerability Manager
• Incident responder
Pre-requisite
It is recommended to have:
• Good understanding of how web applications work
• Basic working knowledge of the Linux command line
• Basic knowledge of OSes and file systems
• Basic knowledge of Bash and/or Python scripting
Host System Requirement
Minimum Hardware Requirements for the Host OS:
• CPU: Intel i3 (3.6 GHz per core) 64-bit/AMD Ryzen 3 (3.6 GHz per core)
• RAM: 8 GB
• HDD: 60 GB available space
• Peripherals: External or Integrated Webcam
Software Requirements for the Host OS:
• Operating system: Windows 8.1 x64 or later/Mac OS X
• Virtualization Software: Any latest solution such as VMware Player/VMware Workstation 8.0/VMware Fusion 7.0 or later, Hyper-V, VirtualBox
• Browser: Any modern browser such as Chrome, Firefox, Internet Explorer
• Internet: A stable Internet connection with a minimum of 5 Mbps download and 1 Mbps upload speeds. It is recommended to use a hard-wired connection instead of wireless.
Virtual Machine Resource Requirement
Your virtual machine should be able to run a penetration testing Linux distribution such as Parrot Security/Kali Linux or your own penetration testing toolkit.
VPN Software: The virtual machine should be installed with OpenVPN Connect client software. You can download it at https://openvpn.net/download-open-vpn/. The Parrot Security/Kali Linux distros come pre-installed with the OpenVPN client.
Unlike many Capture-the-Flag challenges and Vulnerable Virtual Machines, Web Application Hacking and Security provides the challenger with the ability to follow an instructor as they make their way through the challenges. The instructor will present alternatives, do scans, upload malicious payloads, and crack passwords from their home computer just like you.
But don’t rely on the walkthrough; challenge yourself and see how far you can get. Play some of the walkthroughs, then pause and try some more.
In the process, you will learn about application vulnerabilities and web application hacking. Even though this will prove useful for other CTF contests, and in cracking VVMs, it will be even more useful to your career as you learn to defend your applications and progress to Web Application Hacking and Security.
Course Outline
• Advanced Web Application Penetration Testing
• Advanced SQL Injection (SQLi)
• Reflected, Stored and DOM-based Cross Site Scripting (XSS)
• Cross Site Request Forgery (CSRF) – GET and POST Methods
• Server-Side Request Forgery (SSRF)
• Security Misconfigurations
• Directory Browsing/Bruteforcing
• CMS Vulnerability Scanning
• Network Scanning
• Auth Bypass
• Web App Enumeration
• Dictionary Attack
• Insecure Direct Object Reference Prevention (IDOR)
• Broken Access Control
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• Arbitrary File Download
• Arbitrary File Upload
• Using Components with Known Vulnerabilities
• Command Injection
• Remote Code Execution
• File Tampering
• Privilege Escalation
• Log Poisoning
• Weak SSL Ciphers
• Cookie Modification
• Source Code Analysis
• HTTP Header modification
• Session Fixation
• Clickjacking
EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test IoT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.
6-10 Mar 2023
10-14 Apr 2023
19-23 Jun 2023 (Penang)
24-28 Jul 2023
23-27 Oct 2023
4-8 Dec 2023 (Penang)
There are no defined pre-requisites for the exam, but it is strongly recommended that candidates attempt the CEH (Practical) and/or ECSA (Practical) prior to attempting CPENT.
Extensive knowledge of penetration testing across multiple disciplines extending from Windows, IoTs, inline defenses to automation, operational technology, and advanced skills in binary exploitation. The certification tests the knowledge of the tester not only on automated tools but on manual testing skills as well.
Module 01: Introduction to Penetration Testing
Module 02: Penetration Testing Scoping and Engagement
Module 03: Open Source Intelligence (OSINT)
Module 04: Social Engineering Penetration Testing
Module 05: Network Penetration Testing – External
Module 06: Network Penetration Testing – Internal
Module 07: Network Penetration Testing – Perimeter Devices
Module 08: Web Application Penetration Testing
Module 09: Wireless Penetration Testing
Module 10: IoT Penetration Testing
Module 11: OT/SCADA Penetration Testing
Module 12: Cloud Penetration Testing
Module 13: Binary Analysis and Exploitation
Module 14: Report Writing and Post Testing Actions
CPENT is a fully online, remotely proctored practical exam that challenges candidates through a grueling 24-hour performance-based, hands-on exam. The exam is broken into two practical exams of 12 hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either two 12-hour exams or one 24-hour exam.
Candidates who score more than 70% will earn the CPENT certification. Candidates who score more than 90% attain the prestigious LPT (Master) credential!
Exam features:
Choose your challenge! Either two 12-Hour sessions or a single 24-Hour exam!
EC-Council specialists proctor the entire exam – Validity is not in question.
Score at least 70% and become a CPENT
Score at least 90% and earn the highly regarded LPT (Master) designation!
To be an LPT (Master) means that you can find chinks in the armor of defense-in-depth network security models with the help of network pivoting, making exploit codes work in your favor, or by writing Bash, Python, Perl, and Ruby scripts. The live range CPENT exam demands that you think on your feet, be creative in your approach, and not rely on the conventional techniques.
Outsmarting and outmaneuvering the adversary is what sets you apart from the crowd. The CPENT’s hands-on exam offers a challenge like no other by simulating a complex network in real time. This experience will test your perseverance and focus by forcing you to outdo yourself with each new challenge.
The C|CISO Training Workshop is a premium Training & Certification program for aspiring Chief Information Security Officers that wish to penetrate the inner sanctum of Information Security Management and Leadership.
During the C|CISO Training Workshop, participants will be challenged to develop a business continuity plan for a company in a given industry and situation, use metrics to communicate cyber risk for different audiences, and describe how to align a given security program with the goals of the business in which it resides, among many other exercises. The challenges are aimed at helping aspiring leaders develop business acumen, practice their managerial skills and further hone their technical expertise by diving deep into how security should be injected into the procurement process and how a CISO should manage budgets and assets.
The C|CISO course has certified leading information security professionals around the world and is the first of its kind training and certification program aimed at producing top-level Information Security Leaders. The C|CISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by seasoned CISOs for current and aspiring CISOs. C|CISO Material assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work.
The C|CISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavors to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the C|CISO Training Program can be the key to a successful transition to the highest ranks of information security management.
17-20 Feb 2022
24-27 Mar 2022
5-8 May 2022
23-26 Jun 2022
4-7 Aug 2022
15-18 Sep 2022
10-13 Nov 2022
15-18 Dec 2022
The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of the organization, as well as aspiring CISOs. Other information security management certification programs focus on middle management. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.
In order to sit for the CCISO exam, applicants that attend training must apply via the CCISO Eligibility Application showing 5 years of experience in at least 3 of the 5 CCISO domains (experience can be overlapping). Students who do not meet the eligibility criteria for the CCISO exam can sit for the EC-Council Information Security Manager (EISM) exam & apply for the CCISO exam when they meet the requirements.
Domain 1 covers Policy, Legal, and Compliance issues involved in the executive management of an Information Security Program.
Domain 2 is concerned with Audit and Risk Management, including understanding your organization’s risk tolerance and managing accordingly.
Domain 3 covers many of the day-to-day aspects of the CISO job including project, technology, and operations management.
Domain 4 delves into the technology of the CISO’s role, but from an executive perspective.
Domain 5 covers Finance and Strategic management, some of the key skills that help CISOs rise to the level of their peer C-Level executives.
The C|CISO Exam was developed by practicing CISOs and based on the real-world scenarios professionals from across industries have faced while securing some of the most prestigious organizations in the world. Applicants’ knowledge in all five of the C|CISO Domains will be tested on the exam, which focuses on scenario-based questions and requires applicants to apply their real-world experience in order to answer successfully. To that end, in order to qualify to sit for the C|CISO Exam after taking the C|CISO class, applicants must have at least 5 years of information security experience in 3 or more of the C|CISO Domains. Any student lacking this experience may take the EC-Council Information Security Management exam and earn the EISM certification. In order to sit for the C|CISO exam and earn the certification, candidates must meet the basic C|CISO requirements. Candidates who do not yet meet the C|CISO requirements but are interested in information security management can pursue the EC-Council Information Security Management (EISM) certification.
EXAM TITLE : EC-Council Certified CISO
EXAM CODE : 712-50
# OF QUESTIONS : 150
DURATION : 2.5 Hours
AVAILABILITY : ECC Exam Portal
TEST FORMAT : Scenario-based multiple choice
PASSING SCORE : 72%
The Red Hat Certified Specialist in Identity Management exam (EX362) tests your knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.
By passing this exam, you become a Red Hat Certified Specialist in Identity Management, which also counts toward becoming a Red Hat® Certified Architect (RHCA®).
This exam is based on Red Hat Enterprise Linux 7, Red Hat Satellite Server 6, Red Hat Ansible Tower 2, and Microsoft Windows 10 Active Directory.
These audiences may be interested in becoming a Red Hat Certified Specialist in Directory Services and Authentication: