Penetration testing course Professional

INTRO

"Read this before signing up for any Penetration Testing Course"

Dear Aspiring Penetration Tester,

With so many penetration testing courses & certifications on the market, how do you make the choice that is right for your unique circumstances?

Let’s face it. Becoming a certified penetration tester is not easy, even with years of experience in general IT security. A good penetration tester needs both “offensive” and “defensive” knowledge about IT security. Unfortunately, conventional IT training only focuses on the more "defensive" aspects.

To make matters more confusing for the beginner, there is no industry standard definition on what it means to be a penetration tester. There is no prescribed course syllabus that one has to go through. This means that someone may be...

"Certified" But Not Proficient
in the Real World!

A Lucrative and Important Job

Penetration testing is big business in today's IT environment.

Penetration testing is big business in today's IT environment. A qualified penetration tester can easily command $15,000 to $45,000 per commercial or government project and/or increase his or her financial package with the current employer! There is also the prestige and perks of being known as a “hacking expert”. The media loves to interview such experts about IT security issues.

However, merely acquiring "certifications" will not turn you into an expert penetration tester overnight. Most commercial penetration testers have years of experience and learned their skills from trial & error. They also have to keep up with the latest hacking techniques, threats and countermeasures.

So the question is: If you don't already have years of experience or the years to learn through trial & error ...

how can you fast-track your way to penetration testing success?

Here are 3 possible options:

You can spend time attending "live" classes: This can be difficult if you hold a day job, and can't take time to attend regular lessons. If you have family commitments, it makes juggling your time even more difficult. One of the worries about attending "live" classes is not keeping up with the pace, especially if you are not from an IT background. Another stumbling block is finding high-quality classes conducted in your area. You may have to spend time traveling to attend these classes
You can learn from books or manuals. There has been a great deal written about penetration testing. However, this field is constantly evolving and the long publishing cycles can't keep up with the pace of new knowledge. While there are many "underground" hacking techniques, they are not well-documented. And there is no prescribed "reading list" for a penetration tester, because this field draws from many disciplines (even psychology).
You can get yourself "certified" by paying a fee & taking a test. As mentioned, certification does NOT equal real-world competence. Most of the "certifications" offered merely require you to sit through a multiple-choice exam. This is like assessing a fighter pilot based on his performance on a written test!

The best possible option is to take advantage of the comprehensive course, real-world labs and eCPPT certification eLearnSecurity. Get started today.

Discover what you can learn in a self paced training course on Penetration testing:

The Professional Course from eLearnSecurity includes all this and more:

1600 interactive elearning slides
3 knowledge domains
5 hours of video training
Network Security
System security
Web application security

Practical oriented training
Master report writing
Dedicated forums
Qualifies for 40 CPE credits
eCPPT certification
Life-time access to material

ADVANCE YOUR IT SECURITY CAREER TODAY WITH ELEARNSECURITY

CONTENTS

Incredibly In Depth, And Practical

Download Course Syllabus

The Professional Course is divided in three sections, comprised of Flash slides, video material and practical exercises. This ensures that you have a sound understanding of each technique before showing you how to use the tools in the real-world. The course is designed to make you a Professional, not just a technician.

The System Security Section is a highly technical and fascinating journey into the exploitation world authored by Vipin and Nitin Kumar, the two researchers who, while at Black Hat in 2007, demonstrated the first Windows Vista Bootkit (and later on Windows 7).

This section covers everything a penetration tester must know in terms of system exploitation, from an introduction to the x86 architecture, through shellcoding techniques for different platforms.

You will understand the basics of cryptography and how these affect password cracking techniques used by modern hackers.

If you are interested in Malware we've got you covered, including real world examples and an exclusive guide on how to code your own rootkits.

The Network Security Section is authored by our senior instructor Brett Arion, who has over 15 years of experience as an IT Security professional. This section will provide you with the necessary skills to conduct a network penetration test. You will learn and practice most modern information gathering techniques before getting your hands dirty with technical topics such as Port Scanning and Vulnerability Assessments.

You will also learn how to perform Sniffing within a network and mounting Man in the Middle attacks. In the Exploitation phase you will learn how to use Metasploit to infiltrate a network and gain access to remote computers.

You will also receive an entire module dedicated to exposing tricky techniques and teaching you how to use the Social Engineering Toolkit.

The Web Application Security Section authored by our founder and lead instructor Armando Romeo, is an extremely in-depth section covering all the most important attack techniques used against web applications and the OWASP TOP 10.

A great deal of coverage is given to the analysis of web applications - you will learn how to collect and methodically store engagement information, as well as fingerprint the infrastructure and application.

You will also learn how to master tools like Burp Suite and other OWASP recommended tools to inspect the target web application.

You will be exposed to the best manual and automated techniques professional penetration testers use to assess vulnerabilities in web applications.

Continuing your education, you will then learn and practice many more advanced exploitation techniques, including XSS, SQLI, LFI/RFI and more.

Finally, you will study advanced payloads that will bring you from simple XSS or SQLi to root access on the remote host.

This section is best enjoyed with an account to Coliseum Labs.

Get A Free Module And Experience This Course Directly

INSTRUCTORS

OUR AUTHORS ARE LEADERS IN THEIR AREA OF COMPETENCE

Armando Romeo is the founder of eLearnSecurity and author of the Web Application Security section included in the Penetration testing course - Professional.

Prior to founding eLearnSecurity, Armando had founded the Hackers Center Security research group with which has published over one hundred security advisories on open-source and commercial web applications. During his career, Armando has conducted a number of web application and network security assessments. He has served as Consultant and Head of Italian business for Security Brigade, a leading Penetration testing services company based out of Mumbai, India.
He holds a Master's Degree in Computer Engineering from the University of Pisa.

Brett Arion, CISSP, is a co-founder of eLearnSecurity. He has two decades of experience in the IT industry, with over half dealing with IT Security, including serving as Director, ICT Security Information Manager for BlueCross BlueShield of South Carolina.

He has extensive experience in the areas of IT Operational Security processes, procedures, and methodologies. Brett has also been involved with a number of key regulatory requirements such as Payment Card Industry (PCI), Federal Information Systems Management Act (FISMA), and DoD Information Assurance Certification and Accreditation Process (DIACAP)
Brett is Author of the Network Security section of the Penetration testing course - Professional

Nitin and Vipin Kumar are two of the brightest talents in IT Security research. As independent researchers they are deeply involved in the System Security field. They apply their extensive hands on experience to creating practical coursework and virtual labs. Nitin and Vipin are co-authors of the Windows Vista Bootkit - Attacking Vista from Boot Sectors (Black Hat 2007) and Windows 7 Bootkit (Hack in the Box 2009).

Nitin and Vipin have authored the System Security section of Penetration Testing Course - Professional

MEET THEM ON OUR PRIVATE FORUMS

ECPPT CERTIFICATION

Become eCPPT with eLearnSecurity's Professional Penetration Testing Course

Why should I get certified?

The eCPPT designation stands for "eLearnSecurity Certified Professional Penetration Tester". eCPPT is a highly respected Ethical Hacking and Penetration Testing Professional certification.

Professional penetration testers are a critical component of any company's IT security plan. By auditing systems and helping their company find and fix weaknesses before hackers find them, professional penetration testers help safeguard billions of dollars worth of sensitive systems and data every day.

With eLearnSecurity you can be...Certified AND Proficient in The Real World!

When you enroll in our Professional course you...

Get eCPPT Exam voucher included!
Redeem it within 120 days
Have up to 30 days to provide deliverables

In the last 5 years, Penetration testers role has evolved to provide a broader spectrum of services than ever before:

Advanced Web applications testing
Every device nowadays has a web application front-end
Increased Reporting quality
Penetration testing is not just breaking things anymore

But above all...

Business-aware remediation plans
Penetration testers must understand their client's business more than ever

For the IT security professional seeking to keep his or her skills sharp, current and up-to-date with this perpetually evolving arena, eLearnSecurity's eCPPT Silver certification delivers the best value in theory, methodology and practice.

A Professional Penetration Course Engineered to Keep Your Skills Relevant and Your Company Safe

eLearnSecurity's eCPPT Silver certification is the most practical AND professionally oriented certification you can obtain in penetration testing. Here are some of the ways eLearnSecurity Certified Professional Penetration Tester (Silver) certification is different from conventional certification:

Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a hypothetical e-commerce company. This penetration test is modeled after a real-world scenario and is very challenging.
Beware: this is not a catch the flag scenario! As in a real penetration test eLearnSecurity requires that you find and exploit all of the vulnerabilities
Not only do you have to try different methodologies to conduct a thorough penetration test, you will also be asked to write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.
Only individuals who provide proof of their findings in addition to writing a commercial-grade penetration testing report that correctly identifies the weaknesses and best remediations in this "engagement", are awarded the eCPPT Certification.

With eLearnSecurity penetration testing course, you will be able to study theory and methodology and practice your acquired skills through exercises and labs. You'll gain more than a certificate: you'll gain current skills that align with the changing demands of your industry.

eLearnSecurity's eCPPT Silver is the only certification for Penetration testers that evaluates your abilities at attacking your target and providing thorough professional documentation and recommendation.

Complete support offered in all labs and exercises
Practice in our virtual lab and learn how to produce a commercial-grade penetration testing report
Your work personally evaluated by instructors - no automated evaluation

The Penetration testing course is an investment in your own career and your company. Give yourself a competitive advantage and an edge on hackers!

AVAILABLE WITH THE PROFESSIONAL PENETRATION TESTING COURSE

LABS

A PRACTICAL HANDS-ON TRAINING COURSE

The Professional Penetration Testing course is a practice-based curriculum that comes with many real-world simulation opportunities.

When you enroll in the course you are given a copy of Backtrack and an ISO containing the same lab used to test your skills during the certification phase.

In the introductory modules, you will prepare your own local lab with a compiler, an assembler and a debugger that you will use during the practical sessions included in the System Security section.

These scenarios include exploit development, Windows 32 bit executables analysis and exploitation, malware coding and analysis and rootkit development.

you want to get deeper into practical Web application exploitation you can add 30 or more days of access to our unique and innovative Coliseum Lab WAS360. Coliseum is a virtual lab running on our servers that will allow you to practice all the techniques that you will learn during the Web Application Security Section, in a user-isolated sand-boxed environment running against 14 different real-world scenarios . Coliseum Labs also helps the student acquire real world skills readily usable in a current or future engagement.

How can I add Coliseum Lab WAS360 to the package?

You can click on Enroll and opt for one of the bundle packages that includes eLearnSecurity's Coliseum Lab WAS360.

PRE-REQUISITES

ALL YOU NEED TO KNOW BEFORE YOU CAN ENROLL IN OUR COURSE

Penetration testing course - Professional is a highly technical and in depth course.

Everyone with a solid background in Computing and Networking can enroll in this course.

If you are completely new to IT Security and Penetration testing we advise you to check out our course for beginners:

Penetration testing course - Student

If you are into IT Security and want to advance your career as Penetration tester you should have all the necessary
background to enroll in our course.

If you are unsure, please check the following guidelines.

Minimum skills required
Before you enroll in the course you should have a grasp of how TCP/IP works.
If you are able to describe how two computers on the internet communicate with each other on a packet by packet basis, you are good to go.

You should have an understanding of programming languages such as C/C++ and PHP. This doesn't mean you have to be able to produce your own code: you should at least be able to understand the snippets of code that we will provide you during the training course.

Only three modules out of 19 total modules deal with C++/ASM.

Moreover, we do not request that you know Linux shell scripting.

Recommended skills
A good understanding of network protocols such as ARP, DHCP, routing protocols and network devices like routers and switches.

Knowing, even a little of C/C++, x86 and Assembler is recommended if you want to get the most out of our three most advanced modules such as exploit development, shellcoding and rootkit coding. This means that you are able to write even small programs on your own.

A basic understanding of the HTTP protocol, Cookies, Sessions and PHP is adviced although not mandatory (basics are covered in the course).

I don't reach the Recommended skills required. What should I do?

If you don't meet the Minimum required skills you are entitled to enroll in our course at your own risk.
We will do our best to help you fill the skills gap pointing you towards the right direction.
Moreover our course comes with life-time access to course material so you can always refer to external books or references,
when you encounter difficulties during the course.

If you don't meet the Recommended required skills you should not worry.
You can still enroll in our course and eventually use the help of our private forum to clear your doubts.
Our instructors will be there to help you with any kind of question related to the course and even the background skills that you would require.

Need help determining your level?

Please contact us through live chat or our contact web form. One of our consultants will be available to help.

TESTIMONIALS

WHAT THEY SAY ABOUT US

Read what our clients, Industry experts and Leading Information Security websites say about us...

I think if you are looking for Penetration Testing Training this is a great choice, even if you have no desire to take the certification you can learn a lot just by studying the modules and applying yourself.
If you are just starting out (still studying or a fresh grad) I think the course and the certification will definitely have a positive effect on your career... and certainly makes economic sense when comparing to attending real life 5-day courses. It goes into a lot more depth than other courses and can really benefit your skills. I wish there was something like this in 1999 when I was starting out. The way in which the material is presented is a lot more interactive and interesting than many other courses out there with a good mix of words, images and videos plus a good theory/practical mix too. This makes it a lot easier as many of the topics within info sec can get very dry very fast.
Shaolin Tiger, Founder of Darknet.org.uk

eCPPT curriculum is definitely a valuable security training which permits both professionals and beginners to significantly improve or update their skills in a minimal amount of time.
Frédéric Bourla, Head of Ethical Hacking Department at High-Tech Bridge SA

I could not be what I am today if I did not know Mr Armando Romeo. Last 2 years I was a beginner, and I took eCPPT. This course opened up my horizon in penetration testing. Since then, my life has changed. I wish to express my gratitude to eLearnSecurity's staffs and especially to Mr Romeo for his help. You pave the way for me to enter the real security world.
Pornsook Kornkitichai, Security Engineer at Kasikorn Bank

I took the eCPPT course due to the lack of actual certifications that prove you have the skills required to attack and actually penetrate targets. Most certifications simply prove that you can take an exam and learn theory, but I was very pleased with the requirements to pass this course as it shows you have the practical skills as well.
Simon Earl, Director at IT Security Experts Ltd

This is what the CEH/LPT* should have been, and I am delighted to say that if students can master the topics and techniques in eLearnSecurity's Penetration Testing Pro, they should be well on their way to being an accomplished pentester
Jason Haddix, Penetration tester at HP and founder of SecurityAegis.com

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools. Covered in the course are much deeper understandings of topics such as buffer overflows (which, while I already understood the concepts, Armando and his team went out of their way to come up with the best high-level to low-level explanations I've read on the topic, for newcomers and seasoned professionals alike), Network Security, and Web Application Security. The coverage of these topics, and the amount of time they allow the student to access them, really helps to enforce good learning, with extended opportunity and study time, for an exceptional value. For anyone who is budget constrained, I'd say, with total confidence, that the value of eLearnSecurity's training meets and / or exceeds the value of many other programs available, and if one truly desires to learn the technical aspects of IT Security, it's a certification course well-worth the time and investment.
Timothy E. Everson MCNE CDE CLE CCNA CEH, Novell Inc.

The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen Armando
Denis Hancock, Manager Samurai at Consulting Pty Ltd

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.
Steven Collins

The learning experiences was amazing! I have learned so much in such a short time. Would recommend to any one (even the more experienced of us) to take that course. You wouldn't believe how much you can still learn!
Oded Brilon, StrikeForce Engineer at CSC Australia

Unbiased third party reviews that you can find online:

*Comparison with v6 of CEH curriculum

FAQ

FREQUENTLY ASKED QUESTIONS

If you have questions that you don't find answered here please contact us.

What software/hardware requirements are there?

You need to have a web browser with Flash plugin enabled.

In order to study the course you won't be forced to use any particular OS. However you will be provided with a copy of Backtrack or you can use your own. If you run Backtrack as a virtual machine, you are should have at least 2Gb RAM, 4GB is better.

An internet connection speed of at least 128Kbit/s. 256Kbit/s or higher is recommended.

How do you provide support?

As soon as you enroll in one of our courses you are provided with access to private forum where you will find instructors and community managers available to help you 24/7. Response time is usually a matter of hours (sometimes minutes).

Support for billing, technical and exam-related questions is also provided through email, ticketing service and live chat.

How can I pay?

We accept all major credit cards, Paypal, Wire transfer, 2Checkout, MoneyBookers and purchase order.

MoneyGram or Western Union are NOT accepted.

Are there any hidden fee?

There are no hidden fees. If you are from a country where VAT is required, you have to add VAT to our ticket price. We are legally obligated to collect VAT on your behalf.

There is no software to buy or renewal fees to pay and you get lifetime access to acquired course materials.

What happens when there's a new update to the contents?

You have lifetime access to course material and we will include minor updates to the contents free of charge. Minor updates include: an addition of a new module, a new video, bug fixes, improvements to labs, addition of a small number of new labs.

A major upgrade occurs when there is more than one new module added or the contents added are a significant portion of the material you acquired.

When we issue a new major upgrade you can upgrade to the new version with a minor upgrade fee, or keep your current version. The upgrade fee will be established proportionally to the amount of new content added and according to the time elapsed between your enrollment and the release of the new content. Note: if you enroll today and we issue a new major release you will get the new release for free.

There is no published update schedule and we reserve the right to issue minor or major updates when we see the need.

Can I request a refund if contents are too difficult for me?

Yes you can, but please read the Pre-Requisites for this course before enrolling.

What is the difference between subscription and full plans?

The only substantial difference between the two plans is that you can have your payment diluted through the subscription plan while nothing changes in terms of the content you receive.

If I choose to pay through the subscription plan, can I still get certified?

Yes, you will be given an eCPPT voucher as soon as you get the entire material (on the 60th day from enrollment).

Your exam deadline will be counted starting from the day you are assigned the eCPPT voucher.

Can I cancel my subscription?

You can cancel your subscription at any time.
As soon as you enroll you will receive 2 logins: one to access our course material and another to access your billing panel on our payment gateway Plimus. By using the Plimus login here you can manage your subscriptions.

Our subscription is meant to facilitate the payment for the course, not for you to receive sections of our course separately.
Once the subscription is completed, your access to the course material is unlimited.

If I choose to pay through the subscription plan, how much do I pay and when?

Under the Subscription plan, you will be billed $249 immediately after enrolling in the course; $200 after 30 days; and the final $200 after 60 days.

Every payment entitles you to receive a new section of our course. After the three billing cycles you will have full life-time access to all our course material and the eCPPT voucher.

"Read this before signing up for any Penetration Testing Course"

eLearnSecurity