Hands DOWN! The Best Pen Testing Certification! says USAF Red team "Yes. Pls quote me. The instructor was great, he was very knowledgeable. I had CEH and CHFI training from another vendor and I did receive a certification but I wish I had attended your classes instead, I would have learned much more." Americo .
The Q/SA Qualified/ Security Analyst Penetration Tester class is security analysis, penetration testing, vulnerability testing, with tactical security skills Certification & License labs. Over 40 penetration testing, shredding web apps, & privilege escalation labs. You will not get a more intense hands-on class in penetration testing and security analysis class anywhere else!
You earn a Q/SA Certification and (Optional) Q/PTL® Penetration Tester License that validates your skills. The Q/SA class has been considered by over 3500 professional security pen testers as the best penetration testing skills certification that validates you to be a Qualified Security Analyst Penetration Tester.
Daily you learn "how to test" & "how to report" network vulnerabilities and exploit bad code. We set the bar high for you to learn and practice breaking applications & exploiting vulnerabilities.
There is only one way to get a Q/PTL Qualified Penetration License and that is to EARN one, not buy one. The Optional Q/PTL is 3 hours after Q/SA class ends each day (Tuesday – Thursday). You'll practice how to gain access to unauthorized information with current exploitation tools and processes from the Q/SA class. Not just learn the tactical business skills necessary to perform valid vuln security testing regardless of the target, the Q/PTL workshop validates your penetration testing and security analysis tactical skills. To achieve your Q/PTL Qualified/ Penetration Tester License you must perform a penetration test “Practical” with a fully detailed management report which earns your Q/PTL License from Security University (due 7 days after class). Each Q/PTL session increases in complexity and scope. The more team skills improve the more complex the target range becomes. There may be other Pen Testing Licenses out there, but none prove your "Qualified" like than SU's Q/PLT, says NASA.
Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company's defenses every day. An organization either knows what the bad guys are going to find, or it doesn't. If you don't, it's not a matter of if, it's a matter of when. Great pen-testers think like hackers. They use the same tools and techniques, only they tend to be much more comprehensive in their testing of attack scenarios.
Our Qualified SSME instructors that know hacking, pen testing, analysis and policy. You will gain the mind set used by both security testers and hackers alike. In 5 days, you will pass your SU Q/SA exam and be prepared to write detailed executive reports for management.
What is a Q/ISP® "Qualified" Information Security Professional? The 125 question Q/ISP exam has questions from 4 IS Security Skills specialties:
Security Analysis Penetration Testing
Ethical Hacking
Forensics
Perimeter Protection, Malware, Incident Response.
The Q/ISP certification does not require classes.
The Q/ISP certification is awaiting ANSI's 17042 approval.
Security Universit's "Qualified" Q/ISP is a person that has an attained 4 SU Q/ISP® Education Certifications. Each Certification is attained by attending the Q/ISP skills classes that validate your tactical security skills - Q/EH, Q/SA & Q/PT License, Q/EP & Q/FE classes. Each class is one week of hands-on labs, with an online exam and "Practical" exam. You have to pass both the On-line in class exam and the "Practical" exam before you can achieve a SU Q/ISP Educational Certification. (awaiting NOCA Approval)
Prior to 2008, if you attended Security University's EC-Council Authorized CEH®, ECSA®,CHFI® classes and passed the exams you are eligible for the Q/ISP® Qualified Education Certifications and Q/ISP exam.
Since 2004 SU has certified over 3500 ECSA®/ Q/SA® Qualified Security Analysts Penetration Testers in 3 countries!
Customize your Q/SA® Q/PTL + ECSA training program today!
CORE IMPACT from Core Security8IP, 7-day eval LICENSE with every class registration! a $25,000 value - only at Security University!
Who should attend:
System and Network Administrators
Security Personnel
Auditors
Consultants concerned with network security
Threat management team
Software programmers
Forensic experts
Download the 2008 SU Computer Security Class Roadmap
Qualified Training for Qualified Results
Class Completion
Q/SA® Qualified/ Security Analyst Penetration Tester class & License is a step-up from other Network Penetration Testing Classes. You will see we set the bar high to provide you valuable skills and information, including:
Latest exploit goals and methodologies
Understanding the mind set needed to perform penetration testing
Advanced information-gathering techniques
Expert network discovery tools and techniques
Identifying & exploiting network weaknesses with Core Impact and more tools
Advanced enumeration of network devices, platforms and protocols
Cracking contemporary authentication and authorization
Advanced router, firewall and IDS testing \ Exploiting IPS
Vulnerability research and automated scanning in the enterprise
Scanning for root kits, trojans, malware and viruses
Tools for web application testing - Watchfire and freeware tools
Exploiting complex protocols, such as SSH, SSL, and IPSEC
Using payload generators
Advanced wireless testing tools and techniques
Advanced wireless testing tools and techniques AirCrack-NG
Penetration testing and the law
You'll learn how to gather viable data on your network & network vulnerabilities using leading edge tools like Nessus , GFI Landguard and Hyena, SOLAR WIND S, NMAP. During your testing you will learn how to use Exploitation tools like MetaSploit, Saint Scanner / Exploit tool , CORE IMPACT from Core Security, NIKTO & Open Source tools.
Penetration concepts you will master during this hands on class
Attacking network infrastructure devices
Hacking by brute forcing remotely
Security testing methodologies
Security exploit testing with IMPACT from Core Security
Stealthy network recon
Remote root vulnerability exploitation
Multi-OS banner grabbing
Privilege escalation hacking
Unauthorized data extraction
Breaking IP-based ACLs via spoofing
Evidence removal and anti-forensics
Hacking Web Applications
Breaking into databases with SQL Injection
Cross Site Scripting hacking
Remote access trojan hacking
Offensive sniffing
Justifying a penetration test to management and customers
Defensive techniques
Instructor-led hands-on lab exercises
Capture the Flag hacking exercises
Abusing DNS for host identification
Leaking system information from Unix and Windows
Stealthy Recon
Unix, Windows and Cisco password cracking
Remote buffer overflow exploit lab I - Stack smashing
Remote heap overflow exploit lab - Beyond the Stack
Desktop exploitation
Remote keylogging
Data mining authentication information from clear-text protocols
Remote sniffing
Malicious event log editing
Transferring files through firewalls
Hacking into Cisco routers
Harvesting web application data
Data retrieval with SQL Injection Hacking
Phase I — Gather the Data A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.
Phase II — Penetrate the Network How hackers get past the security and into the data. • Non-intrusive target search
• Intrusive target search
• Data analysis Network Discovery Tools and Techniques: Hands-On Exercises • Discovery/profiling objectives
• Locating Internet connections
• Host-locating techniques: manual and automated
• Operating system footprinting
• Evaluating Windows and Unix-based network discovery software tools
• Evaluating Windows and Unix-based application scanning software tools
• Review Step-by-step process of each scanning and profiling tool
• Directory services: DNS, DHCP, BOOTP, NIS
• Look-up services: finger, whois, search engines
• Remote sessions: telnet, "r" commands, X-Windows
• File sharing and messaging: FTP, TFTP, World Wide Web
• Windows Server Message Block (SMB), Network File
• Systems (NFS), and e-mail
• Sample exploits using common TCP/IP and NetBIOS utility software
The Q/SA & Q/PTL materials address common pitfalls in penetration testing and ethical hacking projects, with real-world targets and to maximize the quality of test results. Daily complex scenarios and capture the flag exercises increase your tactical skills.
Learn timesaving tactics based on years of tactical security experiences from real penetration testers and ethical hackers defeating a problem in minutes.
We stress the mind-set of successful penetration testers and ethical hackers and balance skills with "outside-the-box" thinking, a penetration methodology that stands the test of time and carefully weighing risks, and creating a quality final report for management
You analyze how penetration testing and ethical hacking fits into a comprehensive information security & assurance program.
Phase III — Analyze the Results Tips and techniques for effective, actionable penetration test analysis.
• Identifying network services
• Pinpointing vulnerabilities
• Demonstrating risks and escalating permissions
• Reviewing reports and screens from prominent discovery/profiling tools
• Analyzing current configuration Real-World Scenarios • Abusive e-mail
• Embezzlement
• Pornography
• Denial-of-service
• Web defacement
• Trojan Horse
Phase IV — Write the Report How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items. In-Class Exercises for your Q/PTL Validation "Qualification" • Building and maintaining a target list
• Conducting multiple non-intrusive and intrusive target searches
• Tools and techniques for testing for Web site vulnerabilities
• Probing and attacking network firewalls
• Performing multiple remote target assessment
• Performing multiple host assessment
• Validating vulnerabilities
• Writing up the final report
• Prepares you for the Q/PTL " Practical" The Q/PTL is the Most Prestigious Qualification for Security Analyst Penetration Testing Professionals
We wrote the book on Penetration Testing. 9 years ago Security University started training security professionals with the very best penetration step by step methodology class, 9 years later we still have the leading Pen Testing Certification in the industry. Over 40+ labs and Security University Q/SA® class is only CNSS-approved Security Analyst Penetration Tester class.
Now you can take the same Penetration Testing Methodology class that trains the US Air Force, Army, Navy and Marines trained to defend military networks. Your class is taught by SSME (Security Subject Matter Experts) who know the "Art of Penetration Testing & Hacking". You'll gain serious tactical security skills that will set you apart from your peers.
"This is an class, the instructor was excellent & very knowledgeable. I feel that I am leaving this course a much better Security Specialist. Wilson DHS"
ECSA™/LPT™ are a trademarks of EC-Council and are not SU class materials
