© 2019 ForcesPathways.com

Tel: (020) 7971 1175

  • LinkedIn Social Icon
  • Facebook Social Icon
  • Twitter Social Icon

Company Address: 3rd Floor, 86-90 Paul St, London, EC2A 4NE

Curriculum 

Module 1: Soft Skills and Assessment Management 

  • Engagement Lifecycle

  • Law & Compliance

  • Scoping

  • Understanding Explaining and Managing Risk

  • Record Keeping, Interim Reporting & Final Results 

Module 2: Core Technical Skills 

  • IP Protocols

  • Network Architectures

  • Network Routing

  • Network Mapping & Target Identification

  • Interpreting Tool Output

  • Filtering Avoidance Techniques

  • Packet Crafting

  • OS Fingerprinting 

  • Application Fingerprinting and Evaluating Unknown Services

  • Network Access Control Analysis

  • Cryptography

  • Applications of Cryptography

  • File System Permissions

  • Audit Techniques 

Module 3: Information Gathering & Open Source 

  • Registration Records

  • Domain Name Server (DNS)

  • Customer Web Site Analysis

  • Google Hacking and Web Enumeration

  • NNTP Newsgroups and Mailing Lists

  • Information Leakage from Mail & News Headers 

Module 4: Networking Equipment

  • Management Protocols

  • Network Traffic Analysis

  • Networking Protocols

  • IPSec

  • VoIP

  • Wireless

  • Configuration Analysis 

Module 5: Microsoft Windows Security Assessment

  • Domain Reconnaissance

  • User Enumeration

  • Active Directory

  • Windows Passwords

  • Windows Vulnerabilities

  • Windows Patch Management Strategies

  • Desktop Lockdown

  • Exchange

  • Common Windows Applications 

Module 6: Unix Security Assessment 

  • User Enumeration 

  • Unix Vulnerabilities 

  • FTP 

  • Sendmail / SMTP

  • Network File System (NFS)

  • R* services

  • X11

  • RPC services

  • SSH 

Module 7: Web Technologies 

  • Web Server Operation

  • Web Servers & their Flaws

  • Web Enterprise Architectures

  • Web Protocols

  • Web Mark-up Languages

  • Web Programming Languages

  • Web Application Servers

  • Web APIs

  • Web Sub- Components

Module 8: Web Testing Methodologies

  • Web Application Reconnaissance

  • Threat Modelling and Attack Vectors

  • Information Gathering from Web Mark-up

  • Authentication Mechanisms

  • Authorisation Mechanisms

  • Input Validation

  • Application Fuzzing

  • Information Disclosure in Error Messages

  • Use of Cross Site Scripting Attacks

  • Use of Injection Attacks

  • Session Handling

  • Encryption

  • Source Code Review

Module 9: Web Testing Techniques

  • Session ID Attacks

  • Fuzzing

  • Data Confidentiality and Integrity

  • CRLF Attacks 

  • Application Logic Flaws

Module 10: Databases

  • Microsoft SQL Server

  • Oracle RDBMS

  • Web / App / Database Connectivity

Module 11: Preparation for the CPSA exam

  • Examination guidance

  • Mock exam

Read more...