Hands DOWN! The Best Pen Testing Certification! says USAF Red team There are other Pen Testing Licenses out there, but none validate your "Qualified" than SU's Q/PLT, says NASA.
The Q/SA- Q/PTL Qualified/ Security Analyst Penetration Tester certification class & Q/PTL Qualified/ Penetration Tester License validation lab prepares you to learn "how to do Vulnerability Analysis" & "how to report" how compromised the network can be. You learn SU's Vulnerability Analysis & Penetration Testing process and methodology while doing "no harm".
The majority of the class consists of probing target networks, gaining user-level access and demonstrating just how compromised the network can be. SU teaches you the red team skills like leaving an innocuous file on a secure part of a network as a calling card, as if to say, “This is your friendly red team. We danced past the comical precautionary measures you call security hours ago. This file isn't doing anything, but if we were anywhere near as evil as the hackers we're simulating, it might just be deleting the very secrets you were supposed to be protecting. Have a nice day!”
The Q/SA® - Q/PTL® is the only security skills assessment certification that validates your Qualified/ Security Analyst Penetration Tester skills.
- DoD Navy 'PSparks IAM' - "I sat through Security University's Q/EH® class which was fairly impressive and asked a large number of questions concerning their other exams. Looking at the challenges that the DoD is attempting to address, the Q/ISP strikes me as more appropriate than most of the current exams. This course/exam group is multi-functional, each section dealing with a very IA oriented goal/need. The Q/PTL® which is part of the Q/ISP® Q/SA® requires a written test, a three hour examination of a specialized test scenario (also graded) and finally a two week period to complete a full diagnostic report. One of the student reports was 20 pages in length. Definitely a high level of competence to receive a certification."
There is only one way to get a Q/PTL Qualified/ Penetration License - you EARN one, not buy one. The Q/PTL is no longer "Optional" each night of class is a 3 hour challenging Q/PTL workshop where you practice real tactical security skills probing target networks, gaining user-level access and demonstrating just how compromised the network can be.
To Achieve your Q/PTL you must perform a real penetration test the last day of class and report back a “Practical”, fully detailed management report. Your report is due to SU 7 days after class.
This practical shows your penetration testing skills and valids them beyond question. Nightly exercise are no walk in the park, each Q/PTL session increases in complexity and scope. The more skilled the security team becomes, the more complex the target range.
We're here to help!
CALL NOW 877-357-7744
In 5 days, you will pass your SU Q/SA exam and be prepared to write detailed executive report for management.
Download the 2010 SU Computer Security Class Roadmap
Qualified Training for Qualified Results
Q/SA® Qualified/ Security Analyst Penetration Tester class & Q/PTL® License is much higher on the security pyramid of Security Analysis & Network Penetration Testing Skills Classes and Certifications. We set the bar to provide you tactical security skills including:
Security Analysis and Penetration Testing Process & Methodology
Latest exploit goals and methodologies
Understanding the mind set needed to perform penetration testing
Advanced information-gathering techniques
Expert network discovery tools and techniques
Identifying & exploiting network weaknesses with Core Impact and more tools
Advanced enumeration of network devices, platforms and protocols
Cracking contemporary authentication and authorization
Advanced router, firewall and IDS testing \ Exploiting IPS
Vulnerability research and automated scanning in the enterprise
Exploits & tools
Scanning for root kits, trojans, malware and viruses
Tools for web application testing - Watchfire Appscan and freeware tools
Exploiting complex protocols, such as SSH, SSL, and IPSEC
Using payload generators
Advanced wireless testing tools and techniques
Advanced wireless testing tools and techniques AirCrack-NG
Penetration testing and the law
You'll learn how to gather viable data on your network & network vulnerabilities using leading edge tools like Nessus , GFI Landguard and Hyena, SOLAR WIND S, NMAP. During your testing you will learn how to use Exploitation tools like MetaSploit, Saint Scanner / SaintExploit tool , CORE IMPACT from Core Security, NIKTO & Open Source tools.
Penetration concepts you will master during this hands on class
Attacking network infrastructure devices
Hacking by brute forcing remotely
Security testing methodologies
Security exploit testing with IMPACT from Core Security
Stealthy network recon
Remote root vulnerability exploitation
Multi-OS banner grabbing
Privilege escalation hacking
Unauthorized data extraction
Breaking IP-based ACLs via spoofing
Evidence removal and anti-forensics
Hacking Web Applications
Breaking into databases with SQL Injection
Cross Site Scripting hacking
Remote access trojan hacking
Offensive sniffing
Justifying a penetration test to management and customers
Defensive techniques
Instructor-led hands-on lab exercises
Capture the Flag hacking exercises
Abusing DNS for host identification
Leaking system information from Unix and Windows
Stealthy Recon
Unix, Windows and Cisco password cracking
Data mining authentication information from clear-text protocols
Remote sniffing
Malicious event log editing
Harvesting web application data
Data retrieval with SQL Injection Hacking
Phase I — Gather the Data A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.
Phase II — Penetrate the Network How hackers get past the security and into the data. • Non-intrusive target search
• Intrusive target search
• Data analysis Network Discovery Tools and Techniques: Hands-On Exercises • Discovery/profiling objectives
• Locating Internet connections
• Host-locating techniques: manual and automated
• Operating system footprinting
• Evaluating Windows and Unix-based network discovery software tools
• Evaluating Windows and Unix-based application scanning software tools
• Review Step-by-step process of each scanning and profiling tool
• Directory services: DNS, DHCP, BOOTP, NIS
• Look-up services: finger, whois, search engines
• Remote sessions: telnet, "r" commands, X-Windows
• File sharing and messaging: FTP, TFTP, World Wide Web
• Windows Server Message Block (SMB), Network File
• Systems (NFS), and e-mail
• Sample exploits using common TCP/IP and NetBIOS utility software
The Q/SA® & Q/PTL® materials address common pitfalls in penetration testing and ethical hacking projects, with real-world targets and to maximize the quality of test results. Daily complex scenarios and capture the flag exercises increase your tactical skills.
Learn timesaving tactics based on years of tactical security experiences from real penetration testers and ethical hackers defeating a problem in minutes.
We stress the mind-set of successful penetration testers and ethical hackers and balance skills with "outside-the-box" thinking, a penetration methodology that stands the test of time and carefully weighing risks, and creating a quality final report for management
You analyze how penetration testing and ethical hacking fits into a comprehensive information security & assurance program.
Phase III — Analyze the Results Tips and techniques for effective, actionable penetration test analysis.
• Identifying network services
• Pinpointing vulnerabilities
• Demonstrating risks and escalating permissions
• Reviewing reports and screens from prominent discovery/profiling tools
• Analyzing current configuration Real-World Scenarios • Abusive e-mail
• Embezzlement
• Pornography
• Denial-of-service
• Web defacement
• Trojan Horse
Phase IV — Write the Report How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items. In-Class Exercises for your Q/PTL® Validation "Qualification" • Building and maintaining a target list
• Conducting multiple non-intrusive and intrusive target searches
• Tools and techniques for testing for Web site vulnerabilities
• Probing and attacking network firewall's
• Performing multiple remote target assessment
• Performing multiple host assessment
• Validating vulnerabilities
• Writing up the final report
• Prepares you for the Q/PTL validation " Practical" Exam
10 years ago Security University started training security professionals with the very best penetration step by step process and methodology class, SU is still the leader in security Analysis & Penetration Testing Certifications in the industry. Security University Q/SA® class is CNSS-approved.
Now you can take the same Penetration Testing process and methodology class that trains the US Air Force, Army, Navy and Marines trained to defend military networks. Your class is taught by SSME (Security Subject Matter Experts) who know the "Art of Penetration Testing & Hacking". You'll gain serious tactical security skills that will set you apart from your peers.
"This is an class, the instructor was excellent & very knowledgeable. I feel that I am leaving this course a much better Security Specialist. Wilson DHS"
Appendix I,II,III
Packet Filtering,
IDS Log Analysis,
Vulnerability,
Log Analysis,
IPS & IDS correlation,
IDS & IPD countermeasures,
Wireless Security,
Software Security,
Network Security,
Event Correlation,
Threat Mgt,
Security Polices,
Virus Malware,
Code Review,
Reverse Engineering,
COOP,
Incident Response,
C&A
What is a Q/ISP® "Qualified" Information Security Professional Certification? The 125 question online Q/ISP certification exam has questions from 4 Q/ISP Security Skills certification prep classes:
Qualified/Ethical Hacking
Qualified/Security Analysis Penetration Testing
Qualified/Forensics Expert
Qualified/Network Defense
The Q/ISP, Q/EH, Q/SA- Q/PTL, Q/FE & Q/ND certification exams do not require training classes.
The Q/ISP certification is selected to be reviewed for 8570 certification list & awaiting NOCA's new assessment based certification approval.
What is a "Qualified" Q/ISP? A Qualified Q/ISP has attained 4 SU Q/ISP® Validation Certifications. Each Validation Certification is attained by attending the Q/ISP tactical security skills certification prep class to validates your tactical security skills - Q/EH, Q/SA - Q/PT License, Q/FE & Q/ND. Each validation & certification prep class is 5 days of hands-on labs, with an online certification exam AND a intense hands-on "Practical" exams. You have to pass both the On-line certification exam and the "Practical" validation projects before you earn a SU Q/ISP (Validation) Certification.
The Security University Security Pyramid represents enlightenment, man's breaking free of stagnant education and reaching towards the supreme source of security skills training and validation, globally illuminating risk preparedness.
Prior to 2008, if you attended Security University's EC-Council® Authorized CEH®, ECSA®,CHFI® classes and passed the exams you are eligible for the Q/ISP® Qualified Certifications but still have to pass the Q/ISP certification exam.
Since 2004 SU has certified over 3500 ECSA™/ Q/SA® Qualified Security Analysts Penetration Testers in 7 countries!
Customize your Q/SA® Q/PTL training program today! US Congress wants hack teams for self-penetration download for more..
Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company's defenses every day.
The Q/ISP Qualified/ Information Security Professional Certification Program has been selected as finalists for SC Magazine's Best Professional Security Training Program 2009. Click here to view the press release
Legal Notice:
The ECSA™/LPT™ Certification is provided exclusively by EC-Council® and its ATC's, Security University is not sponsored by, approved by, or affiliated in any way with EC-Council®.
