CREST Practitioner Security Analyst

The CPSA course leads to the CREST Practitioner Security Analyst (CPSA) examination, which is an entry level qualification that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level below that; of the main CRT and CCT qualifications.

Delegates are provided with a Pearson Vue exam voucher for the CPSA examination as part of the course fee. The CPSA examination also includes an intermediate level of web application security testing and methods to identify common web application security vulnerabilities. The examination covers a common set of core skills and knowledge that assess the candidate’s technical knowledge. The candidate must demonstrate that they are able to perform basic infrastructure and web application testing and interpret the results to locate security vulnerabilities. Success will confer the CREST Practitioner status to the individual. This qualification is a pre-requisite for the CREST Registered Penetration Tester (CRT) examination and comprises a multiple-choice examination. CRT is available as a separate course.

CREST worked with Hack The Box to map its content against CREST exams and create fully bespoke CREST labs. Pathways for CREST Practitioner Security Analyst (CPSA) and CREST Registered Penetration Tester (CRT) are available from today. CREST Certified Infrastructure Tester (CCT INF), CREST Certified Web Application Tester (CCT APP) and CREST Certified Simulated Attack Specialist (CCSAS) training pathways will be available in the new year.

The Hack The Box labs will allow experiential hands-on training towards CREST certifications, featured in Hack The Box’s innovative gamified, and fully intuitive platform to improve learning outcomes. Using the Hack The Box platform, learners will be better able to get prepared and assess whether they are ready to take and pass the CREST exams.

Target Audience

• Aspiring information security personnel who wish to be part of a PenTest team
• System administrators who are responding to attacks
• Incident handlers who wish to expand their knowledge into Penetration Testing and Digital Forensics
• Corporations and Government departments who wish to raise and baseline skills across all security teams
• Law enforcement officers or detectives who want to expand their investigative skills
• Information security managers who would like to brush up on the latest techniques and processes inorder to understand information security implications
• Anyone who is considering a career in Penetration Testing

A good appreciation of the technical aspects of ICT. QAFCCS and or CISMP is recommmended.

Day 1

• Intro
• What is Cybersecurity
• Security Concepts
• Risk
• VA & Pen Testing
• Threat Modelling
• Law & Compliance
• Module Summary

Day 2

• Network Overview
• Networking Models
• Network Types & Topologies
• Networking Devices
• Network Addresses & Protocols
• Internet Protocol Suite
• Module Summary

Day 3

• Assessing Logical Ports
• Organisational Security
• Assessing Operating Systems
• Windows
• Module Summary

Module 4

• Application Exploits
• Web Server Exploits
• Web Browser Exploits
• Secure Application Design
• Secure Coding
• Auditing Applications
• Module Summary

Module 5

• Cryptography Application
• Identity and Access Management
• Cryptocurrency
• Module Summary