A Quick Note on EC-Council’s New Version ECSA V10
    Latest Tech news Right in


    Receive News Alerts, Special Info and other offers!
    We Respect your Privacy. Your Information will not be shared.

    A Quick Note on EC-Council’s New Version ECSA V10

    Asha Devi N D | Apr 27, 2018 | 2031 Views | 0 Comments
    A Quick Note on EC-Council’s New Version ECSA V10

    A professional level pen testing program is the demand of the day in any of the organizations.

    To attain this professional level skills, the core curricula of the certification professional gains must map with it and is anticipated to be in compliance with Government and the industry published frameworks.

    Evidently, EC-Council new release, ECSA v10 curricula exactly present the comprehensive methodologies that match with the pentesting requirements across varied industrial segments.

    Let’s explore what’s new in version: ECSA v10


    The new ECSA v10 has the updated curricula in alignment with the industry recognized penetration testing methodology. It elevates the participant’s ability to apply new skills, provides a deeper understanding of Web Application Penetration Testing, Internal Network Testing, Password Cracking, Web Application Penetration Testing, and so forth.  

    In correspondence with the new updates of CEH v10 program, the ECSA v10 program has been re-engineered as a progression. This 5-day intensive course is highly interactive, standard based, and helps the security professionals to know the real-life penetration testing.

    Further, the participants who clear the knowledge exam have an option to pursue practical exam that enables them to test the skills and earn ECSA [Practical] credential.

    Mention not to say, it forms the “Professional” level course in the VAPT Track of EC-Council.

    Highlights of ECSA v10:

    1.Compliant with NICE 2.0 Framework:

    ECSAv10 maps with NICE framework’s Analyze (AN) and Collect and Operate (CO) specialty area.

    2. New Module:

    Social Engineering Pen Testing Methodology: The 2017 Verizon Data Breach Investigation Report states that 43% of the documented breaches are due to social engineering attacks. As a compensatory and preventive effort to fill the huge gap, this ECSA v10 program comprehensively covers the pentesting domain.

    3. An Insight into Methodologies:

    It focuses on the methodologies like Network, Database, Wireless, Web Application, Cloud pen testing, and, etc. The methodologies are as best as from ISO 27001, OSSTMM, and NIST Standards.

    4. A perfect blend of manual and automated testing approach:

    It is evident that manual testing complements with the automated ones. Human intervention is as necessary as the automated tools. For instance: Logic testing.

    The testing approach here combines both of them to derive maximum benefit.

    5. Designed depending on the most common testing services:

    The penetration testing methodologies are designed as per the market approach which includes

    • Network Penetration Testing
    • Web Application Penetration Testing
    • Social Engineering Penetration Testing
    • Wireless Penetration Testing
    • Cloud Penetration Testing
    • Database Penetration Testing

    6. Presents an engagement methodology:

    A module is completely dedicated to alert the pre-engagement activities, initiate and set the Rule of Engagement [RoE] for the penetration test.

    7. Guidance for Report Writing:

    Just like for engagement methodology, a module is dedicated to report writing too. It describes the needed skills to draft the test report in such a way that the findings of the test are agreeable and justifiable to the concerned client.

    8. Hands-on Labs:

    This course helps the participants to have a direct experience on penetration testing process starting from scoping to report writing.

    9. Standard Templates:

    The course offers a bundle of standard templates essential for scoping, engagement process, collecting, and report writing and makes the participant’s learning easier.

    Moving forward, let us have a brief comparison of the EC-Council products CEH v10 and ECSA v10.


    As a known fact, ECSA is the learning progress in continuation of the CEH program. Built on the skills and abilities covered in new CEH v10 program, it takes the tools learned over there as a practical challenge.

    Some of the main differentiators have been tabulated below for your easy reference.


    CEH v10 ECSA v10
    Core level in the VAPT Track A Professional level in the VAPT Track
    Learn Baseline Skills Learn Advanced Skills
    Learn about the tools used Learn more tools
    Learn to defend against Conduct Penetration Testing Methodologies

    Can be compared to ‘A Soldier’ ie. it refers to dodging a bullet

    Can be compared to ‘The General’ ie. it refers to expertise the Art of War


    Let us continue further and know about the course in detail.

    Course Outline:

    The course outline is enlisted below:

    • Introduction to Penetration Testing and Methodologies
    • Penetration Testing Scoping and Engagement Methodology
    • Open Source Intelligence (OSINT) Methodology
    • Social Engineering Penetration Testing Methodology
    • Network Penetration Testing Methodology - External
    • Network Penetration Testing Methodology - Internal
    • Network Penetration Testing Methodology - Perimeter Devices
    • Web Application Penetration Testing Methodology
    • Database Penetration Testing Methodology
    • Wireless Penetration Testing Methodology
    • Cloud Penetration Testing Methodology
    • Report Writing and Post Testing Actions

    Intended Audience:

    The target audience for this course are as follows:

    • Ethical Hackers
    • Penetration Testers
    • Security Analysts
    • Security Engineers
    • Network Server Administrators
    • Firewall Administrators
    • Security Testers
    • System Administrators
    • Risk Assessment Professionals

    Self-study Modules:

    • Penetration Testing Essential Concepts
    • Password Cracking Penetration Testing
    • Denial-of-Service Penetration Testing
    • Stolen Laptop, PDAs and Cell Phones Penetration Testing
    • Source Code Penetration Testing
    • Physical Security Penetration Testing
    • Surveillance Camera Penetration Testing
    • VoIP Penetration Testing
    • VPN Penetration Testing
    • Virtual Machine Penetration Testing
    • War Dialing
    • Virus and Trojan Detection
    • Log Management Penetration Testing
    • File Integrity Checking
    • Telecommunication and Broadband Communication Penetration Testing
    • Email Security Penetration Testing
    • Security Patches Penetration Testing
    • Data Leakage Penetration Testing
    • SAP Penetration Testing
    • Standards and Compliance
    • Information System Security Principles
    • Information System Incident Handling and Response
    • Information System Auditing and Certification

    New Exam Pattern:


    ECSA Exam

    • Attend Training through EC-Council Accredited Training Center
    • Possess a minimum of 2 years of experience in related Infosec domain


    ECSA Practical Exam:

    • ECSA Member in good standing
    • Possess a minimum of 2 years of experience in related Infosec domain
    • Industry equivalent certifications: GPEN cert or OSCP


    How to take the ECSA v10 course?

    Stay tuned on to our website for the latest news update.

    Note: The ECSA v9 retires by the end of September 2018.

    This content is brought to you by Mercury Solutions Limited, one of the best IT Training Company in India. Mehar Ahluwalia, the founder, with a vision of making the professionals’ career more fulfilling, is dedicated to delivering world-class IT Training programs and Certifications to the global participants.
    Tags : ECSA V10, ECSA v10 VALUE

    Recommended Posts


    Mercury Solutions Ltd. is rated 4.6 stars by based on 18 reviews.